Sam/others,

I've re-read the documentation for this feature over and over and as far as I can understand we've done all possible to stop the following.

Here's an entry log from a SPAMMER's address we'd like to reject via the ip-in-rdns-keyword-blacklist-entry feature.

Oct 13 12:45:21 mail02 spamdyke[12401]: DENIED_GRAYLISTED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 80.6.107.90 origin_rdns: cpc1-west2-0-0-cust857.brnt.cable.ntl.com auth: (unknown)

Our ip-in-rdns-keyword-blacklist-entry referenced file contains the following

cable .cable.ntl.com .ntl.com cable .ntl.com

Seems none of the 4 potential keyword entries we're providing is matching the above host name. The hostname should be rejected with DENIED_IP_IN_RDNS rather than DENIED_GRAYLISTED.

What are we doing wrong? Or is this an undiscovered bug?

Thanks.

------------------------
Erald Troja

Erald Troja wrote:
> Sam,
>
> I'm reading your reply again, and perhaps I misunderstood what
> you're saying.
>
> Here's the entry log for one of the rDNS's I'd like to reject the
> connection.
>
> Oct 13 11:05:41 mail02 spamdyke[29352]: DENIED_GRAYLISTED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 82.19.66.39 origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: (unknown)
> Oct 13 11:06:23 mail02 spamdyke[31397]: DENIED_GRAYLISTED from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 82.19.66.39 origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: (unknown)
>
> As you will see, there is an IP address for their rDNS.
>
> Are you saying that the ip-in-rdns-keyword-blacklist-entry file should
> also contain the IP address of the originating connection, or as long as
> their IP resolves to a numeric address, all that is necessary is to have
> the keyword in the ip-in-rdns-keyword-blacklist-entry?
>
> Can anyone clarify this please?
>
> ------------------------
> Erald Troja
>
> Sam Clippinger wrote:
>> In order for the keyword filter to block connections, spamdyke must
>> find the keyword and the entire IP address in the rDNS name. The two
>> examples you gave don't appear to contain whole IP addresses. Also,
>> the second example contains the keyword "cablelink", not "cable";
>> spamdyke will not match keywords within other text.
>>
>> -- Sam Clippinger
>>
>> Erald Troja wrote:
>>> Hello Folks,
>>>
>>> We are slowly building up on the many swiss army knife features
>>> that Spamdyke offers.
>>>
>>> One of them is the ip-in-rdns-keyword-blacklist-entry feature
>>> http://spamdyke.org/documentation/README.html#RDNS
>>>
>>> In essence, we notice many, next to say almost all connections
>>> connecting to port 25 of our servers, with the keyword 'cable' are
>>> of SPAMMY nature and we'd like to stop them.
>>>
>>> So, we have Spamdyke configured with
>>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/ip-in-rdns-keyword-blacklist-file
>>>
>>> and have /etc/spamdyke/ip-in-rdns-keyword-blacklist-file
>>>
>>> with one line containing just the keyword
>>>
>>> cable
>>>
>>> We do notice logging of a handful of connections yet for example
>>>
>>> DENIED_GRAYLISTED cpc2-midd9-0-0-cust525.midd.cable.ntl.com
>>> DENIED_GRAYLISTED cablelink-173-45-65.cpe.intercable.net
>>>
>>> are Graylisted instead of being denied connectivity. Can anyone
>>> pass along some documentation on Spamdyke + keyword processing?
>>>
>>> Thanks.
>>>
>> _______________________________________________
>> spamdyke-users mailing list
>> [email protected]
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
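
The rule Sam describes in the thread above (keyword AND the entire IP address in the rDNS name, with keywords not matched inside other text), as an added example that is not part of the original thread and is not spamdyke's own code. Assumptions: the helper names are hypothetical, "entire IP address" is modelled as the four octets appearing as consecutive digit runs in forward or reverse order, and the last two sample hosts are constructed.

```python
import re

# Keyword entries taken from the thread.
KEYWORDS = ["cable", ".cable.ntl.com", ".ntl.com"]

def rdns_contains_ip(rdns, ip):
    """Assumed model: all four octets appear as consecutive digit runs,
    forward or reversed, somewhere in the rDNS name."""
    octets = [str(int(o)) for o in ip.split(".")]
    runs = [str(int(r)) for r in re.findall(r"\d+", rdns)]
    for i in range(len(runs) - 3):
        window = runs[i:i + 4]
        if window == octets or window == octets[::-1]:
            return True
    return False

def keyword_present(rdns, keyword):
    """Keyword must stand alone: an alphanumeric edge of the keyword may not
    touch another letter or digit (so 'cable' does not match 'cablelink')."""
    kw = keyword.lower()
    left = r"(?<![a-z0-9])" if kw[0].isalnum() else ""
    right = r"(?![a-z0-9])" if kw[-1].isalnum() else ""
    return re.search(left + re.escape(kw) + right, rdns.lower()) is not None

def keyword_filter_verdict(ip, rdns, keywords):
    """Return (would_block, ip_found, matching_keywords)."""
    ip_found = rdns_contains_ip(rdns, ip)
    hits = [k for k in keywords if keyword_present(rdns, k)]
    return (ip_found and bool(hits), ip_found, hits)

SAMPLES = [
    # From the log lines quoted in the thread.
    ("80.6.107.90", "cpc1-west2-0-0-cust857.brnt.cable.ntl.com"),
    ("82.19.66.39", "cpc1-rdng9-0-0-cust550.winn.cable.ntl.com"),
    # Constructed: whole IP present and the keyword stands alone.
    ("192.0.2.45", "host-192-0-2-45.cable.example.net"),
    # Constructed: whole IP present, keyword only inside other text.
    ("192.0.2.45", "cablelink-192-0-2-45.cpe.example.net"),
]

if __name__ == "__main__":
    for ip, rdns in SAMPLES:
        block, ip_found, hits = keyword_filter_verdict(ip, rdns, KEYWORDS)
        print(f"{rdns}: block={block} ip_in_rdns={ip_found} keywords={hits}")
```

For both ntl.com hosts from the logs every keyword entry matches, but the name never contains the connecting IP address, so under this rule the keyword filter does not fire and the connection falls through to graylisting.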
