Please try with: *.cable.*
d. 2008/10/13 Erald Troja <[EMAIL PROTECTED]>: > Sam/others, > > I've re-read the documentation for this feature over and over > and as far as I can understand we've done all possible to stop > the following. > > Here's an entry log from a SPAMMER's address we'd like to reject via the > ip-in-rdns-keyword-blacklist-entry feature. > > Oct 13 12:45:21 mail02 spamdyke[12401]: DENIED_GRAYLISTED from: > [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: > 80.6.107.90 origin_rdns: cpc1-west2-0-0-cust857.brnt.cable.ntl.com auth: > (unknown) > > > our ip-in-rdns-keyword-blacklist-entry referenced file contains the > following > > > cable > .cable.ntl.com > .ntl.com > cable .ntl.com > > Seems none of the 4 potential keyword entries we're providing > is matching the above host name. > > The hostname should be rejected with DENIED_IP_IN_RDNS rather > than DENIED_GRAYLISTED > > > What are we doing wrong? Or is this a un-discovered bug? > > Thanks. > > > > ------------------------ > Erald Troja > > > Erald Troja wrote: >> Sam, >> >> I'm reading your reply again, and perhaps I misunderstood what >> you're saying. >> >> Here's the entry log for one of the rDNS's I'd like to reject the >> connection. >> >> >> Oct 13 11:05:41 mail02 spamdyke[29352]: DENIED_GRAYLISTED from: >> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: >> 82.19.66.39 origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: >> (unknown) >> Oct 13 11:06:23 mail02 spamdyke[31397]: DENIED_GRAYLISTED from: >> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 82.19.66.39 >> origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: (unknown) >> >> >> As you will see, there is an IP address for their rDNS. >> >> Are you saying that the ip-in-rdns-keyword-blacklist-entry file should >> also contain the IP address of the originating connection, or as long as >> their IP resolves to a numeric address, all is necessary to have is the >> keyword in the ip-in-rdns-keyword-blacklist-entry ? >> >> Can anyone clarify this please? >> >> >> >> ------------------------ >> Erald Troja >> >> Sam Clippinger wrote: >>> In order for the keyword filter to block connections, spamdyke must >>> find the keyword and the entire IP address in the rDNS name. The two >>> examples you gave don't appear to contain whole IP addresses. Also, >>> the second example contains the keyword "cablelink", not "cable"; >>> spamdyke will not match keywords within other text. >>> >>> -- Sam Clippinger >>> >>> Erald Troja wrote: >>>> Hello Folks, >>>> >>>> We are slowly building up on the many swiss army knife features >>>> that Spamdyke offers. >>>> >>>> One of them is the ip-in-rdns-keyword-blacklist-entry feature >>>> http://spamdyke.org/documentation/README.html#RDNS >>>> >>>> In essence, we notice many, next to say almost all connections >>>> connecting to port 25 of our servers, with the keyword 'cable' are >>>> of SPAMMY nature and we'd like to stop them. >>>> >>>> So, we have Spamdyke configured with >>>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/ip-in-rdns-keyword-blacklist-file >>>> >>>> >>>> and have /etc/spamdyke/ip-in-rdns-keyword-blacklist-file >>>> >>>> with one line containing just the keyword >>>> >>>> cable >>>> >>>> >>>> We do notice logging of a handful of connections yet for example >>>> >>>> >>>> DENIED_GRAYLISTED cpc2-midd9-0-0-cust525.midd.cable.ntl.com >>>> DENIED_GRAYLISTED cablelink-173-45-65.cpe.intercable.net >>>> >>>> >>>> are Graylisted instead of being denied connectivity. Can anyone >>>> pass along some documentation on Spamdyke + keyword processing? >>>> >>>> Thanks. >>>> >>>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >> > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
