No, the "reject-ip-in-cc-rdns" filter won't stop these names because they end in ".net", which is a three-character TLD. If they ended in a two-character TLD like ".us", it would work.
-- Sam Clippinger Felix Bünemann wrote: > Hello Sam, > > I assumed this should be blocked by the IP_IN_CC_RDNS rule, but > apparently it isn't. > > -- Felix > > Am 19.09.2008 um 00:47 schrieb Sam Clippinger: > > >> That rDNS name should be blocked, assuming that your keyword file >> contains at least one of the following entries: >> dip >> .t-dialin.net >> .dip.t-dialin.net >> >> -- Sam Clippinger >> >> Felix Bünemann wrote: >> >>> I just took a look at the code and found a segment which should >>> already take care of this: >>> >>> /* >>> * This block looks for the IP address as a sequence of hex >>> bytes. >>> * For example, if the IP is 85.135.72.234, this block looks for >>> * 5080d7e3. >>> */ >>> if (!return_value) >>> { >>> tmp_strlen = snprintf(tmp_ip, MAX_IP, "%.2x%.2x%.2x%.2x", >>> ip_ints[0], ip_ints[1], ip_ints[2], ip_ints[3]); >>> >>> SPAMDYKE_LOG_EXCESSIVE(current_settings, LOG_DEBUGX_IP_IN_RDNS, >>> tmp_strlen, tmp_ip, strlen_target_name, target_name); >>> if (strstr(target_name, tmp_ip) != NULL) >>> return_value = 1; >>> } >>> } >>> >>> >>> So I wonder why the host listed below was matched by >>> FILTER_BLACKLIST_NAME. I was under the impression that >>> FILTER_IP_IN_CC_RDNS has a higher precedence than the blacklist file, >>> but I might be misatken. >>> >>> Please shed some light on this Sam. >>> >>> -- Felix >>> >>> Am 19.09.2008 um 00:16 schrieb Felix Bünemann: >>> >>> >>> >>>> Hello, >>>> >>>> I noticed that spamdyke 4.0.4 is not blocking dialup hosts which use >>>> hex-encoded ip-adress in their RDNS. >>>> >>>> T-Online, the biggeste German internet provider uses this scheme: >>>> >>>> 87.150.36.222 rdns: p579624de.dip.t-dialin.net >>>> >>>> 87=0x57 150=0x96 36=0x24 222=0xDE >>>> >>>> Should be pretty easy to add support for this. >>>> >>>> -- Felix Buenemann >>>> >>>> _______________________________________________ >>>> spamdyke-dev mailing list >>>> spamdyke-dev@spamdyke.org >>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev >>>> >>>> >>> _______________________________________________ >>> spamdyke-dev mailing list >>> spamdyke-dev@spamdyke.org >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev >>> >>> >> _______________________________________________ >> spamdyke-dev mailing list >> spamdyke-dev@spamdyke.org >> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev >> > > _______________________________________________ > spamdyke-dev mailing list > spamdyke-dev@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-dev > _______________________________________________ spamdyke-dev mailing list spamdyke-dev@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-dev