Sam, I'm reading your reply again, and perhaps I misunderstood what you're saying.
Here's the entry log for one of the rDNS's I'd like to reject the connection. Oct 13 11:05:41 mail02 spamdyke[29352]: DENIED_GRAYLISTED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 82.19.66.39 origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: (unknown) Oct 13 11:06:23 mail02 spamdyke[31397]: DENIED_GRAYLISTED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 82.19.66.39 origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: (unknown) As you will see, there is an IP address for their rDNS. Are you saying that the ip-in-rdns-keyword-blacklist-entry file should also contain the IP address of the originating connection, or as long as their IP resolves to a numeric address, all is necessary to have is the keyword in the ip-in-rdns-keyword-blacklist-entry ? Can anyone clarify this please? ------------------------ Erald Troja Sam Clippinger wrote: > In order for the keyword filter to block connections, spamdyke must find > the keyword and the entire IP address in the rDNS name. The two > examples you gave don't appear to contain whole IP addresses. Also, the > second example contains the keyword "cablelink", not "cable"; spamdyke > will not match keywords within other text. > > -- Sam Clippinger > > Erald Troja wrote: >> Hello Folks, >> >> We are slowly building up on the many swiss army knife features >> that Spamdyke offers. >> >> One of them is the ip-in-rdns-keyword-blacklist-entry feature >> http://spamdyke.org/documentation/README.html#RDNS >> >> In essence, we notice many, next to say almost all connections >> connecting to port 25 of our servers, with the keyword 'cable' are >> of SPAMMY nature and we'd like to stop them. >> >> So, we have Spamdyke configured with >> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/ip-in-rdns-keyword-blacklist-file >> >> and have /etc/spamdyke/ip-in-rdns-keyword-blacklist-file >> >> with one line containing just the keyword >> >> cable >> >> >> We do notice logging of a handful of connections yet for example >> >> >> DENIED_GRAYLISTED cpc2-midd9-0-0-cust525.midd.cable.ntl.com >> DENIED_GRAYLISTED cablelink-173-45-65.cpe.intercable.net >> >> >> are Graylisted instead of being denied connectivity. Can anyone >> pass along some documentation on Spamdyke + keyword processing? >> >> Thanks. >> >> > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
