Re: [spamdyke-dev] Additional IP_IN_CC_RDNS scheme

Fri, 19 Sep 2008 03:27:20 -0700 

Hello Sam,

I assumed this should be blocked by the IP_IN_CC_RDNS rule, but  
apparently it isn't.

-- Felix

Am 19.09.2008 um 00:47 schrieb Sam Clippinger:

> That rDNS name should be blocked, assuming that your keyword file
> contains at least one of the following entries:
>    dip
>    .t-dialin.net
>    .dip.t-dialin.net
>
> -- Sam Clippinger
>
> Felix Bünemann wrote:
>> I just took a look at the code and found a segment which should
>> already take care of this:
>>
>>     /*
>>      * This block looks for the IP address as a sequence of hex  
>> bytes.
>>      * For example, if the IP is 85.135.72.234, this block looks for
>>      * 5080d7e3.
>>      */
>>     if (!return_value)
>>       {
>>       tmp_strlen = snprintf(tmp_ip, MAX_IP, "%.2x%.2x%.2x%.2x",
>> ip_ints[0], ip_ints[1], ip_ints[2], ip_ints[3]);
>>
>>       SPAMDYKE_LOG_EXCESSIVE(current_settings, LOG_DEBUGX_IP_IN_RDNS,
>> tmp_strlen, tmp_ip, strlen_target_name, target_name);
>>       if (strstr(target_name, tmp_ip) != NULL)
>>         return_value = 1;
>>       }
>>     }
>>
>>
>> So I wonder why the host listed below was matched by
>> FILTER_BLACKLIST_NAME. I was under the impression that
>> FILTER_IP_IN_CC_RDNS has a higher precedence than the blacklist file,
>> but I might be misatken.
>>
>> Please shed some light on this Sam.
>>
>> -- Felix
>>
>> Am 19.09.2008 um 00:16 schrieb Felix Bünemann:
>>
>>
>>> Hello,
>>>
>>> I noticed that spamdyke 4.0.4 is not blocking dialup hosts which use
>>> hex-encoded ip-adress in their RDNS.
>>>
>>> T-Online, the biggeste German internet provider uses this scheme:
>>>
>>> 87.150.36.222 rdns: p579624de.dip.t-dialin.net
>>>
>>> 87=0x57 150=0x96 36=0x24 222=0xDE
>>>
>>> Should be pretty easy to add support for this.
>>>
>>> -- Felix Buenemann
>>>
>>> _______________________________________________
>>> spamdyke-dev mailing list
>>> [email protected]
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev
>>>
>>
>> _______________________________________________
>> spamdyke-dev mailing list
>> [email protected]
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev
>>
> _______________________________________________
> spamdyke-dev mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev

_______________________________________________
spamdyke-dev mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-dev

Reply via email to