I live in Italy and your 'cable' keyword is 'dynamic' here. I use this: # cat /var/db/spamdyke/rdns_blacklist.txt .*dynamic.*
and it works! d. 2008/10/13 Erald Troja <[EMAIL PROTECTED]>: > Davide, > > no go. > > Other host names containing 'cable' keyword such as > 77-96-122-40.cable.ubr02.nmal.blueyonder.co.uk are properly > being rejected with the right error message. > > > ------------------------ > Erald Troja > > > Davide D'Amico wrote: >> Please try with: >> *.cable.* >> >> >> d. >> >> >> 2008/10/13 Erald Troja <[EMAIL PROTECTED]>: >>> Sam/others, >>> >>> I've re-read the documentation for this feature over and over >>> and as far as I can understand we've done all possible to stop >>> the following. >>> >>> Here's an entry log from a SPAMMER's address we'd like to reject via the >>> ip-in-rdns-keyword-blacklist-entry feature. >>> >>> Oct 13 12:45:21 mail02 spamdyke[12401]: DENIED_GRAYLISTED from: >>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: >>> 80.6.107.90 origin_rdns: cpc1-west2-0-0-cust857.brnt.cable.ntl.com auth: >>> (unknown) >>> >>> >>> our ip-in-rdns-keyword-blacklist-entry referenced file contains the >>> following >>> >>> >>> cable >>> .cable.ntl.com >>> .ntl.com >>> cable .ntl.com >>> >>> Seems none of the 4 potential keyword entries we're providing >>> is matching the above host name. >>> >>> The hostname should be rejected with DENIED_IP_IN_RDNS rather >>> than DENIED_GRAYLISTED >>> >>> >>> What are we doing wrong? Or is this a un-discovered bug? >>> >>> Thanks. >>> >>> >>> >>> ------------------------ >>> Erald Troja >>> >>> >>> Erald Troja wrote: >>>> Sam, >>>> >>>> I'm reading your reply again, and perhaps I misunderstood what >>>> you're saying. >>>> >>>> Here's the entry log for one of the rDNS's I'd like to reject the >>>> connection. >>>> >>>> >>>> Oct 13 11:05:41 mail02 spamdyke[29352]: DENIED_GRAYLISTED from: >>>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: >>>> 82.19.66.39 origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: >>>> (unknown) >>>> Oct 13 11:06:23 mail02 spamdyke[31397]: DENIED_GRAYLISTED from: >>>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 82.19.66.39 >>>> origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: (unknown) >>>> >>>> >>>> As you will see, there is an IP address for their rDNS. >>>> >>>> Are you saying that the ip-in-rdns-keyword-blacklist-entry file should >>>> also contain the IP address of the originating connection, or as long as >>>> their IP resolves to a numeric address, all is necessary to have is the >>>> keyword in the ip-in-rdns-keyword-blacklist-entry ? >>>> >>>> Can anyone clarify this please? >>>> >>>> >>>> >>>> ------------------------ >>>> Erald Troja >>>> >>>> Sam Clippinger wrote: >>>>> In order for the keyword filter to block connections, spamdyke must >>>>> find the keyword and the entire IP address in the rDNS name. The two >>>>> examples you gave don't appear to contain whole IP addresses. Also, >>>>> the second example contains the keyword "cablelink", not "cable"; >>>>> spamdyke will not match keywords within other text. >>>>> >>>>> -- Sam Clippinger >>>>> >>>>> Erald Troja wrote: >>>>>> Hello Folks, >>>>>> >>>>>> We are slowly building up on the many swiss army knife features >>>>>> that Spamdyke offers. >>>>>> >>>>>> One of them is the ip-in-rdns-keyword-blacklist-entry feature >>>>>> http://spamdyke.org/documentation/README.html#RDNS >>>>>> >>>>>> In essence, we notice many, next to say almost all connections >>>>>> connecting to port 25 of our servers, with the keyword 'cable' are >>>>>> of SPAMMY nature and we'd like to stop them. >>>>>> >>>>>> So, we have Spamdyke configured with >>>>>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/ip-in-rdns-keyword-blacklist-file >>>>>> >>>>>> >>>>>> and have /etc/spamdyke/ip-in-rdns-keyword-blacklist-file >>>>>> >>>>>> with one line containing just the keyword >>>>>> >>>>>> cable >>>>>> >>>>>> >>>>>> We do notice logging of a handful of connections yet for example >>>>>> >>>>>> >>>>>> DENIED_GRAYLISTED cpc2-midd9-0-0-cust525.midd.cable.ntl.com >>>>>> DENIED_GRAYLISTED cablelink-173-45-65.cpe.intercable.net >>>>>> >>>>>> >>>>>> are Graylisted instead of being denied connectivity. Can anyone >>>>>> pass along some documentation on Spamdyke + keyword processing? >>>>>> >>>>>> Thanks. >>>>>> >>>>>> >>>>> _______________________________________________ >>>>> spamdyke-users mailing list >>>>> [email protected] >>>>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>>>> >>> _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >>> >> _______________________________________________ >> spamdyke-users mailing list >> [email protected] >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users >> > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
