Sam Clippinger wrote:
> You're reading the correct section.  The third and fourth paragraphs 
> describe "reject-unresolvable-rdns", which is the filter that was 
> triggered in your example.  The text doesn't actually use the term "A 
> record", instead saying that spamdyke "attempts to get an IP address 
> from the name".  When I wrote it, I was trying to limit my use of jargon 
> as much as possible.  I guess I should rewrite it if it's so unclear.

It appears clearer to me now, but I think it could read a little better.

"This test only attempts to get at least one IP address from the name. It
does not require the rDNS name's IP address to match the remote server's IP
address."
might be replaced with
"This is done by using the rDNS name to look up a corresponding IP address.
It does not require the corresponding address to be the same as the remote
server's IP address, only that the rDNS name correspond to an IP address (or
more specifically, a type A DNS record) of some sort."

> Paragraphs five through ten describe "ip-in-rdns-keyword-file" and the 
> last paragraph describes "reject-ip-in-cc-rdns".

I think I could make those read a bit better. Let me know if you'd like me
to take a stab at it and we can work it out off list.

> The two rules you're wanting are already there -- 
> "reject-unresolvable-rdns" and "ip-in-rdns-keyword-file".  The former 
> only checks for an A record from the rDNS name.  The latter checks for 
> the IP address in the rDNS, plus a keyword from the file.

I see that now. I think I may have been having a bit of a brain fart
yesterday. ;)

Thanks for clearing this up for me.

> -- Sam Clippinger
> 
> Eric Shubert wrote:
>> That makes sense, but it's not what I read at
>> http://www.spamdyke.org/documentation/README.html#RDNS
>> I don't see anything there about looking up a corresponding DNS A record.
>> Is the documentation perhaps out of date? (or am I losing it?) ;)
>>
>> Do we perhaps need 2 parameter/rules? One for when the rDNS record does not
>> contain an IP address, and another for when there is no DNS A record for the
>> address that's found?
>>
>> Sam Clippinger wrote:
>>> Your example was not rejected by the ip-in-rdns-keyword-file filter.  It 
>>> was rejected by the reject-unresolvable-rdns filter because the rDNS 
>>> name does not resolve to an IP address (a DNS A record).  In other 
>>> words, "ping ihsystem-65-182-166-90.pugmarks.net" will fail with 
>>> "unknown host".
>>>
>>> -- Sam Clippinger
>>>
>>> Eric Shubert wrote:
>>>> I don't understand (after having read the documentation) why the example I
>>>> showed was rejected then. Please explain.
>>>>
>>>> Sam Clippinger wrote:
>>>>> Sorry, I should have mentioned that the dots in the formats I listed can 
>>>>> actually be any non-alphanumeric character (dashes, underscores, etc).
>>>>>
>>>>> -- Sam Clippinger
>>>>>
>>>>> Eric Shubert wrote:
>>>>>> Sam Clippinger wrote:
>>>>>>> spamdyke looks for the IP address in many different formats.  If the IP 
>>>>>>> address is 11.22.33.44, it looks for:
>>>>>>>     11.22.33.44
>>>>>>>     011.022.033.044
>>>>>>>     11.022.033.044 (new in version 4.0.0)
>>>>>>>     11.22.033.044 (new in version 4.0.0)
>>>>>>>     11.22.33.044 (new in version 4.0.0)
>>>>>>>     44.33.22.11
>>>>>>>     44.11.22.33
>>>>>>>     33.22.11.44
>>>>>>>     44.33.1122
>>>>>>>     3344.11.22
>>>>>>>     11.22.8492 (last two octets converted to long integer)
>>>>>>>     11223344
>>>>>>>     011022033044
>>>>>>>     11022033044
>>>>>>>     1122033044
>>>>>>>     112233044
>>>>>>>     44332211
>>>>>>>     044033022011
>>>>>>>     185999660 (entire IP converted to long integer)
>>>>>>>     0b16212c (entire IP converted to hex digits)
>>>>>>> Basically, these are all the different formats I've seen in real life.  
>>>>>>> As people report new ones, I add them too.
>>>>>> Here's another one for you Sam:
>>>>>>
>>>>>> 04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to:
>>>>>> [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns:
>>>>>> ihsystem-65-182-166-90.pugmarks.net auth: (unknown)
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users


-- 
-Eric 'shubes'
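
The two checks discussed in this thread, as an added Python illustration that is not part of the original messages and is not spamdyke's own code: it generates the IP formats Sam lists, searches an rDNS name for them, and keeps the forward lookup behind "reject-unresolvable-rdns" as a separate test. The function names, the case-insensitive substring search and the injectable resolver are assumptions made for the example.

```python
import re
import socket

SEP = r"[^0-9A-Za-z]"  # per the thread: a "dot" may be any non-alphanumeric character

def ip_forms(ip):
    """Return the textual forms of an IPv4 address listed in the thread."""
    a, b, c, d = ip.split(".")
    n = [int(x) for x in (a, b, c, d)]
    za, zb, zc, zd = ("%03d" % x for x in n)          # zero-padded octets
    as_long = (n[0] << 24) | (n[1] << 16) | (n[2] << 8) | n[3]
    dotted = [
        (a, b, c, d), (za, zb, zc, zd), (a, zb, zc, zd), (a, b, zc, zd),
        (a, b, c, zd), (d, c, b, a), (d, a, b, c), (c, b, a, d),
        (d, c, a + b), (c + d, a, b), (a, b, str(n[2] * 256 + n[3])),
    ]
    runs = [
        a + b + c + d, za + zb + zc + zd, a + zb + zc + zd, a + b + zc + zd,
        a + b + c + zd, d + c + b + a, zd + zc + zb + za,
        str(as_long), "%08x" % as_long,
    ]
    forms = [".".join(p) for p in dotted] + runs
    return list(dict.fromkeys(forms))                 # drop duplicates, keep order

def find_ip_in_rdns(ip, rdns):
    """Forms of `ip` found in `rdns` (assumed: case-insensitive substring search)."""
    hits = []
    for form in ip_forms(ip):
        # Each "." in a form may appear in the name as any non-alphanumeric character.
        pattern = SEP.join(re.escape(part) for part in form.split("."))
        if re.search(pattern, rdns, re.IGNORECASE):
            hits.append(form)
    return hits

def rdns_resolves(rdns, resolver=socket.gethostbyname):
    """Forward lookup only: does the rDNS name yield any IPv4 address?
    The result is not compared with the connecting IP address."""
    try:
        return bool(resolver(rdns))
    except OSError:                                   # socket.gaierror: unknown host
        return False
```

For the logged connection, `find_ip_in_rdns("65.182.166.90", "ihsystem-65-182-166-90.pugmarks.net")` finds the dashed form, while `rdns_resolves` is the independent test that produced DENIED_RDNS_RESOLVE when the name had no A record.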