No, the "reject-ip-in-cc-rdns" filter won't stop these names because
they end in ".net", which is a three-character TLD. If they ended in a
two-character TLD like ".us", it would work.
-- Sam Clippinger
Felix Bünemann wrote:
> Hello Sam,
>
> I assumed this should be blocked by the IP_IN_CC_RDNS rule, but
> apparently it isn't.
>
> -- Felix
>
> Am 19.09.2008 um 00:47 schrieb Sam Clippinger:
>
>
>> That rDNS name should be blocked, assuming that your keyword file
>> contains at least one of the following entries:
>> dip
>> .t-dialin.net
>> .dip.t-dialin.net
>>
>> -- Sam Clippinger
>>
>> Felix Bünemann wrote:
>>
>>> I just took a look at the code and found a segment which should
>>> already take care of this:
>>>
>>> /*
>>> * This block looks for the IP address as a sequence of hex
>>> bytes.
>>> * For example, if the IP is 85.135.72.234, this block looks for
>>> * 5080d7e3.
>>> */
>>> if (!return_value)
>>> {
>>> tmp_strlen = snprintf(tmp_ip, MAX_IP, "%.2x%.2x%.2x%.2x",
>>> ip_ints[0], ip_ints[1], ip_ints[2], ip_ints[3]);
>>>
>>> SPAMDYKE_LOG_EXCESSIVE(current_settings, LOG_DEBUGX_IP_IN_RDNS,
>>> tmp_strlen, tmp_ip, strlen_target_name, target_name);
>>> if (strstr(target_name, tmp_ip) != NULL)
>>> return_value = 1;
>>> }
>>> }
>>>
>>>
>>> So I wonder why the host listed below was matched by
>>> FILTER_BLACKLIST_NAME. I was under the impression that
>>> FILTER_IP_IN_CC_RDNS has a higher precedence than the blacklist file,
>>> but I might be misatken.
>>>
>>> Please shed some light on this Sam.
>>>
>>> -- Felix
>>>
>>> Am 19.09.2008 um 00:16 schrieb Felix Bünemann:
>>>
>>>
>>>
>>>> Hello,
>>>>
>>>> I noticed that spamdyke 4.0.4 is not blocking dialup hosts which use
>>>> hex-encoded ip-adress in their RDNS.
>>>>
>>>> T-Online, the biggeste German internet provider uses this scheme:
>>>>
>>>> 87.150.36.222 rdns: p579624de.dip.t-dialin.net
>>>>
>>>> 87=0x57 150=0x96 36=0x24 222=0xDE
>>>>
>>>> Should be pretty easy to add support for this.
>>>>
>>>> -- Felix Buenemann
>>>>
>>>> _______________________________________________
>>>> spamdyke-dev mailing list
>>>> [email protected]
>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev
>>>>
>>>>
>>> _______________________________________________
>>> spamdyke-dev mailing list
>>> [email protected]
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev
>>>
>>>
>> _______________________________________________
>> spamdyke-dev mailing list
>> [email protected]
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev
>>
>
> _______________________________________________
> spamdyke-dev mailing list
> [email protected]
> http://www.spamdyke.org/mailman/listinfo/spamdyke-dev
>
_______________________________________________
spamdyke-dev mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-dev
