From Sam's earlier post - "spamdyke must find the keyword and the entire IP address in the rDNS name." 77-96-122-40.cable.ubr02.nmal.blueyonder.co.uk does contain the IP address (i.e. 77.96.122.40) while the rdns name cpc1-west2-0-0-cust857.brnt.cable.ntl.com does not include a complete IP address so it is not filtered.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erald Troja
Sent: Monday, October 13, 2008 1:01 PM
To: spamdyke users
Subject: Re: [spamdyke-users] spamdyke + ip-in-rdns-keyword-blacklist-entry option

Davide,

no go. Other host names containing 'cable' keyword such as
77-96-122-40.cable.ubr02.nmal.blueyonder.co.uk are properly being rejected with the right error message.

------------------------
Erald Troja

Davide D'Amico wrote:
> Please try with:
> *.cable.*
>
> d.
>
> 2008/10/13 Erald Troja <[EMAIL PROTECTED]>:
>> Sam/others,
>>
>> I've re-read the documentation for this feature over and over and as
>> far as I can understand we've done all possible to stop the
>> following.
>>
>> Here's an entry log from a SPAMMER's address we'd like to reject via
>> the ip-in-rdns-keyword-blacklist-entry feature.
>>
>> Oct 13 12:45:21 mail02 spamdyke[12401]: DENIED_GRAYLISTED from:
>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip:
>> 80.6.107.90 origin_rdns: cpc1-west2-0-0-cust857.brnt.cable.ntl.com auth:
>> (unknown)
>>
>> our ip-in-rdns-keyword-blacklist-entry referenced file contains the
>> following
>>
>> cable
>> .cable.ntl.com
>> .ntl.com
>> cable .ntl.com
>>
>> Seems none of the 4 potential keyword entries we're providing is
>> matching the above host name.
>>
>> The hostname should be rejected with DENIED_IP_IN_RDNS rather than
>> DENIED_GRAYLISTED
>>
>> What are we doing wrong? Or is this a un-discovered bug?
>>
>> Thanks.
>>
>> ------------------------
>> Erald Troja
>>
>> Erald Troja wrote:
>>> Sam,
>>>
>>> I'm reading your reply again, and perhaps I misunderstood what
>>> you're saying.
>>>
>>> Here's the entry log for one of the rDNS's I'd like to reject the
>>> connection.
>>>
>>> Oct 13 11:05:41 mail02 spamdyke[29352]: DENIED_GRAYLISTED from:
>>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip:
>>> 82.19.66.39 origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth:
>>> (unknown)
>>> Oct 13 11:06:23 mail02 spamdyke[31397]: DENIED_GRAYLISTED from:
>>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip:
>>> 82.19.66.39
>>> origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth:
>>> (unknown)
>>>
>>> As you will see, there is an IP address for their rDNS.
>>>
>>> Are you saying that the ip-in-rdns-keyword-blacklist-entry file
>>> should also contain the IP address of the originating connection, or
>>> as long as their IP resolves to a numeric address, all is necessary
>>> to have is the keyword in the ip-in-rdns-keyword-blacklist-entry ?
>>>
>>> Can anyone clarify this please?
>>>
>>> ------------------------
>>> Erald Troja
>>>
>>> Sam Clippinger wrote:
>>>> In order for the keyword filter to block connections, spamdyke must
>>>> find the keyword and the entire IP address in the rDNS name. The
>>>> two examples you gave don't appear to contain whole IP addresses.
>>>> Also, the second example contains the keyword "cablelink", not
>>>> "cable"; spamdyke will not match keywords within other text.
>>>>
>>>> -- Sam Clippinger
>>>>
>>>> Erald Troja wrote:
>>>>> Hello Folks,
>>>>>
>>>>> We are slowly building up on the many swiss army knife features
>>>>> that Spamdyke offers.
>>>>>
>>>>> One of them is the ip-in-rdns-keyword-blacklist-entry feature
>>>>> http://spamdyke.org/documentation/README.html#RDNS
>>>>>
>>>>> In essence, we notice many, next to say almost all connections
>>>>> connecting to port 25 of our servers, with the keyword 'cable' are
>>>>> of SPAMMY nature and we'd like to stop them.
>>>>>
>>>>> So, we have Spamdyke configured with
>>>>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/ip-in-rdns-keyword-blacklist-file
>>>>>
>>>>> and have /etc/spamdyke/ip-in-rdns-keyword-blacklist-file
>>>>>
>>>>> with one line containing just the keyword
>>>>>
>>>>> cable
>>>>>
>>>>> We do notice logging of a handful of connections yet for example
>>>>>
>>>>> DENIED_GRAYLISTED cpc2-midd9-0-0-cust525.midd.cable.ntl.com
>>>>> DENIED_GRAYLISTED cablelink-173-45-65.cpe.intercable.net
>>>>>
>>>>> are Graylisted instead of being denied connectivity. Can anyone
>>>>> pass along some documentation on Spamdyke + keyword processing?
>>>>>
>>>>> Thanks.
>>>>>
>>>> _______________________________________________
>>>> spamdyke-users mailing list
>>>> [email protected]
>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
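
The rule stated in this thread (the rDNS name must contain both the whole IP address and the keyword as a stand-alone word), sketched as an added example; it is not part of the original messages and is not spamdyke's own code. It assumes decimal octets separated by non-alphanumeric characters, in forward or reverse order, and bare-word keywords only; all function names are hypothetical.

```python
import re

# Log lines as quoted in the thread (addresses were already redacted there).
LOG_LINES = [
    "Oct 13 12:45:21 mail02 spamdyke[12401]: DENIED_GRAYLISTED from: "
    "[EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 80.6.107.90 "
    "origin_rdns: cpc1-west2-0-0-cust857.brnt.cable.ntl.com auth: (unknown)",
    "Oct 13 11:05:41 mail02 spamdyke[29352]: DENIED_GRAYLISTED from: "
    "[EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 82.19.66.39 "
    "origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: (unknown)",
]
ORIGIN_RE = re.compile(r"origin_ip: (\S+) origin_rdns: (\S+)")

def tokens(rdns):
    """Split an rDNS name into lower-case alphanumeric runs."""
    return [t for t in re.split(r"[^0-9a-z]+", rdns.lower()) if t]

def _norm(tok):
    # Treat "040" and "40" as the same octet.
    return str(int(tok)) if tok.isdigit() else tok

def contains_whole_ip(rdns, ip):
    """True if all four octets appear as consecutive tokens (assumed rule)."""
    octets = ip.split(".")
    toks = [_norm(t) for t in tokens(rdns)]
    for want in (octets, octets[::-1]):
        if any(toks[i:i + 4] == want for i in range(len(toks) - 3)):
            return True
    return False

def keyword_hits(rdns, keywords):
    """Keywords present as whole tokens: 'cablelink' does not match 'cable'."""
    toks = set(tokens(rdns))
    return [k for k in keywords if k.lower() in toks]

def diagnose(rdns, ip, keywords):
    """Return (ip_found, keyword_hits, would_match) for one connection."""
    has_ip = contains_whole_ip(rdns, ip)
    hits = keyword_hits(rdns, keywords)
    return has_ip, hits, has_ip and bool(hits)

def diagnose_log_line(line, keywords):
    """Pull origin_ip/origin_rdns out of a log line and diagnose it."""
    m = ORIGIN_RE.search(line)
    return diagnose(m.group(2), m.group(1), keywords) if m else None

if __name__ == "__main__":
    for line in LOG_LINES:
        print(ORIGIN_RE.search(line).group(2), diagnose_log_line(line, ["cable"]))
```

For both quoted log lines the keyword is found but the IP address is not, which is why those connections fall through to graylisting instead of the keyword filter.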
