The reject-ip-in-cc-rdns feature exists because the
ip-in-rdns-keyword-file feature requires keywords and I only speak
English. Since I don't know how to say "dynamic" or "cable" or
"residential" in different languages, I decided that a two-character
country code would count as a keyword. I fully understand if you think
I'm conceited or even "typically American" to dismiss all foreigners as
potential spammers. :) The truth is, that solution happened to work for
me because my users don't correspond (often) with people in foreign
countries. As the spamdyke mailing list grows, however, I may have to
remove that filter from my server.

Starting with version 3.1.0, spamdyke will allow top-level domains (like
country codes) to be used as keywords for ip-in-rdns-keyword-file. To
block all connections from rDNS names that contain the IP address and
end in the ".us" extension, for example, just add a line to your keyword
file:

.us

This was added for people who wanted to use reject-ip-in-cc-rdns but
didn't want to filter every country code.

My list of keywords for ip-in-rdns-keyword-file is pretty long too.
Please note: these are just the keywords I happen to use; don't assume
that you should use them also. Everything depends on your server, your
users and your needs. Here you go:
................................................................................
# Actual keywords
cable
client
cm
dhcp
dial
dialin
dialpool
dialup
din
dip
dip0
dup
dyn
dynamic
dynamicip
ev1s
in-addr
modem
ppp
pool
pools
reverse
user
# Specific providers with lots of spammers
adsl.totbb.net
adsl.proxad.net
fbx.proxad.net
hinet-ip.hinet.net
ip.secureserver.net
onocable.ono.com
res.rr.com
rev.gaoland.net
.telebecinternet.net
bb.sky.net
bb.sky.com
ptr.us.xo.net
.covad.net
adsl dsl .sbcglobal.net
adsl dsl .ameritech.net
adsl dsl .pacbell.net
adsl .bellsouth.net
wsip .cox.net
hsd1 .comcast.net
................................................................................
-- Sam Clippinger

Stefan Pausch wrote:
> Would you mind sharing your list? - I had my first false-positive with
> DENIED_IP_IN_(CC)_RDNS with hosteurope.de just yesterday.
>
> I disabled the DENIED_IP_IN_(CC)_RDNS feature, instead of whitelisting it.
> Should I re-enable it (anyway what is it good for?)?
>
> --Stefan
>
>
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:spamdyke-users-
>> [EMAIL PROTECTED] On Behalf Of Sam Clippinger
>> Sent: Thursday, May 1, 2008 04:39
>> To: spamdyke users
>> Subject: Re: [spamdyke-users] DENIED_IP_IN_(CC)_RDNS
>>
>> I can't speak for anyone else, but those two filters have been very
>> good for my users. On a typical day, 30-60% of all connections to my
>> server are blocked with DENIED_IP_IN_CC_RDNS. Another 5-20% are blocked
>> by DENIED_IP_IN_RDNS. I've had to whitelist a few IP addresses with bad
>> rDNS names but that's been very rare so far (less than 5 total).
>>
>> However, servers with larger user populations and more international
>> correspondence might have different experiences.
>>
>> -- Sam Clippinger
>>
>> Marcin Orlowski wrote:
>>
>>> Hi,
>>>
>>> Anyone by any chance did sort of research if DENIED_IP_IN_*_RDNS helps
>>> his users or causes more problems? I formerly thought that this is
>>> more helpful, as IP in RDNS is most likely to appear for home dsls,
>>> dialups and other stuff not supposed to run smtp server I shall trust,
>>> and if it's my users mail netline, then they shall authenticate while
>>> talking to me anyway. But now I see that some telecoms offer dsls with
>>> static IPs (contrary to dynamic one, rotated 24hs, that is addressed to
>>> home users) which is primarily used by companies, and therefore it's
>>> less likely for them to be spam source (due to botnets, zombies etc). I
>>> even saw a data center which named their rack hosts that way. I
>>> therefore think that it might be extremely useful to try to build a
>>> kind of database of providers who one may consider whitelisting even,
>>> they would otherwise fall into IP_IN_RDNS or IP_IN_CC_RDNS trap. Any
>>> thoughts?
>>>
>>> Marcin
>>> _______________________________________________
>>> spamdyke-users mailing list
>>> [email protected]
>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>
>> __________ Information from ESET NOD32 Antivirus, version of virus
>> signature database 3068 (20080501) __________
>>
>> The message was checked by ESET NOD32 Antivirus.
>>
>> http://www.eset.com
>>
_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
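
An added sketch, not spamdyke's code and not part of the original messages, for dry-running a keyword file against rDNS names taken from your own logs before enabling the filter, so false positives show up early. How the IP address is recognized in the name and the whole-word boundary rule are assumptions of this model; the sample names are constructed and use documentation address ranges.

```python
import re

# Constructed sample in the file format shown above: '#' comments, one
# keyword per line, a leading dot meaning "the name ends with this".
SAMPLE_KEYWORDS = """\
# Actual keywords
dyn
pool
.us
res.rr.com
"""

def load_keywords(text):
    """Return keyword entries, skipping blank lines and '#' comments."""
    lines = (ln.strip().lower() for ln in text.splitlines())
    return [ln for ln in lines if ln and not ln.startswith("#")]

def ip_in_rdns(ip, rdns):
    """Assumed model: the four octets appear as consecutive numbers in
    the name, forward or reversed (e.g. 10-2-0-192.dyn.example.net)."""
    octets = [int(o) for o in ip.split(".")]
    nums = [int(n) for n in re.findall(r"\d+", rdns)]
    return any(nums[i:i + 4] in (octets, octets[::-1])
               for i in range(len(nums) - 3))

def keyword_hit(rdns, keywords):
    """Return the first matching entry or None. Leading-dot entries must
    end the name; others must be bounded by non-alphanumerics (assumed)."""
    name = rdns.lower().rstrip(".")
    for kw in keywords:
        if kw.startswith("."):
            if name.endswith(kw):
                return kw
        elif re.search(r"(?<![a-z0-9])" + re.escape(kw) + r"(?![a-z0-9])", name):
            return kw
    return None

def would_reject(ip, rdns, keywords):
    """Both conditions must hold: IP in the name AND a keyword match."""
    return keyword_hit(rdns, keywords) if ip_in_rdns(ip, rdns) else None

KEYWORDS = load_keywords(SAMPLE_KEYWORDS)

if __name__ == "__main__":
    # Constructed connections: (client IP, rDNS name)
    for ip, name in [("192.0.2.10", "10-2-0-192.dyn.example.net"),
                     ("198.51.100.7", "host198-51-100-7.example.us"),
                     ("203.0.113.9", "static-203-0-113-9.example.de"),
                     ("203.0.113.5", "mail.example.us")]:
        print(ip, name, "->", would_reject(ip, name, KEYWORDS) or "accepted")
```

The third sample is the static business line case raised in the thread: the name contains the IP address, but it is accepted unless a matching keyword such as a country-code suffix is added.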