It was a test machine... I'll try again asap.

d.

2008/10/14 Sam Clippinger <[EMAIL PROTECTED]>:
> Are you sure that really works? Asterisks are not valid in blacklist
> files, nor are trailing dots.
>
> If it does work, it's a bug. :)
>
> -- Sam Clippinger
>
> Davide D'Amico wrote:
>> I live in Italy and your 'cable' keyword is 'dynamic' here.
>> I use this:
>> # cat /var/db/spamdyke/rdns_blacklist.txt
>> .*dynamic.*
>>
>> and it works!
>>
>> d.
>>
>> 2008/10/13 Erald Troja <[EMAIL PROTECTED]>:
>>
>>> Davide,
>>>
>>> no go.
>>>
>>> Other host names containing 'cable' keyword such as
>>> 77-96-122-40.cable.ubr02.nmal.blueyonder.co.uk are properly
>>> being rejected with the right error message.
>>>
>>> ------------------------
>>> Erald Troja
>>>
>>> Davide D'Amico wrote:
>>>
>>>> Please try with:
>>>> *.cable.*
>>>>
>>>> d.
>>>>
>>>> 2008/10/13 Erald Troja <[EMAIL PROTECTED]>:
>>>>
>>>>> Sam/others,
>>>>>
>>>>> I've re-read the documentation for this feature over and over
>>>>> and as far as I can understand we've done all possible to stop
>>>>> the following.
>>>>>
>>>>> Here's an entry log from a SPAMMER's address we'd like to reject via the
>>>>> ip-in-rdns-keyword-blacklist-entry feature.
>>>>>
>>>>> Oct 13 12:45:21 mail02 spamdyke[12401]: DENIED_GRAYLISTED from:
>>>>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip:
>>>>> 80.6.107.90 origin_rdns: cpc1-west2-0-0-cust857.brnt.cable.ntl.com auth:
>>>>> (unknown)
>>>>>
>>>>> our ip-in-rdns-keyword-blacklist-entry referenced file contains the
>>>>> following
>>>>>
>>>>> cable
>>>>> .cable.ntl.com
>>>>> .ntl.com
>>>>> cable .ntl.com
>>>>>
>>>>> Seems none of the 4 potential keyword entries we're providing
>>>>> is matching the above host name.
>>>>>
>>>>> The hostname should be rejected with DENIED_IP_IN_RDNS rather
>>>>> than DENIED_GRAYLISTED
>>>>>
>>>>> What are we doing wrong? Or is this an undiscovered bug?
>>>>>
>>>>> Thanks.
>>>>>
>>>>> ------------------------
>>>>> Erald Troja
>>>>>
>>>>> Erald Troja wrote:
>>>>>
>>>>>> Sam,
>>>>>>
>>>>>> I'm reading your reply again, and perhaps I misunderstood what
>>>>>> you're saying.
>>>>>>
>>>>>> Here's the entry log for one of the rDNS's I'd like to reject the
>>>>>> connection.
>>>>>>
>>>>>> Oct 13 11:05:41 mail02 spamdyke[29352]: DENIED_GRAYLISTED from:
>>>>>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip:
>>>>>> 82.19.66.39 origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth:
>>>>>> (unknown)
>>>>>> Oct 13 11:06:23 mail02 spamdyke[31397]: DENIED_GRAYLISTED from:
>>>>>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 82.19.66.39
>>>>>> origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: (unknown)
>>>>>>
>>>>>> As you will see, there is an IP address for their rDNS.
>>>>>>
>>>>>> Are you saying that the ip-in-rdns-keyword-blacklist-entry file should
>>>>>> also contain the IP address of the originating connection, or as long as
>>>>>> their IP resolves to a numeric address, all is necessary to have is the
>>>>>> keyword in the ip-in-rdns-keyword-blacklist-entry ?
>>>>>>
>>>>>> Can anyone clarify this please?
>>>>>>
>>>>>> ------------------------
>>>>>> Erald Troja
>>>>>>
>>>>>> Sam Clippinger wrote:
>>>>>>
>>>>>>> In order for the keyword filter to block connections, spamdyke must
>>>>>>> find the keyword and the entire IP address in the rDNS name. The two
>>>>>>> examples you gave don't appear to contain whole IP addresses. Also,
>>>>>>> the second example contains the keyword "cablelink", not "cable";
>>>>>>> spamdyke will not match keywords within other text.
>>>>>>>
>>>>>>> -- Sam Clippinger
>>>>>>>
>>>>>>> Erald Troja wrote:
>>>>>>>
>>>>>>>> Hello Folks,
>>>>>>>>
>>>>>>>> We are slowly building up on the many swiss army knife features
>>>>>>>> that Spamdyke offers.
>>>>>>>>
>>>>>>>> One of them is the ip-in-rdns-keyword-blacklist-entry feature
>>>>>>>> http://spamdyke.org/documentation/README.html#RDNS
>>>>>>>>
>>>>>>>> In essence, we notice many, next to say almost all connections
>>>>>>>> connecting to port 25 of our servers, with the keyword 'cable' are
>>>>>>>> of SPAMMY nature and we'd like to stop them.
>>>>>>>>
>>>>>>>> So, we have Spamdyke configured with
>>>>>>>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/ip-in-rdns-keyword-blacklist-file
>>>>>>>>
>>>>>>>> and have /etc/spamdyke/ip-in-rdns-keyword-blacklist-file
>>>>>>>>
>>>>>>>> with one line containing just the keyword
>>>>>>>>
>>>>>>>> cable
>>>>>>>>
>>>>>>>> We do notice logging of a handful of connections yet for example
>>>>>>>>
>>>>>>>> DENIED_GRAYLISTED cpc2-midd9-0-0-cust525.midd.cable.ntl.com
>>>>>>>> DENIED_GRAYLISTED cablelink-173-45-65.cpe.intercable.net
>>>>>>>>
>>>>>>>> are Graylisted instead of being denied connectivity. Can anyone
>>>>>>>> pass along some documentation on Spamdyke + keyword processing?
>>>>>>>>
>>>>>>>> Thanks.

_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
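
Added example (not part of the original thread and not spamdyke's own code): a simplified Python model of the rule Sam Clippinger states in the quoted thread, that the rDNS name must contain both the entire IP address and the keyword as separate text. The tokenising rules and function names are assumptions, the blueyonder origin IP is assumed from the host name, and the last sample is constructed.

```python
import re

def tokens(rdns):
    """Split an rDNS name on dots, dashes and other punctuation (assumed delimiters)."""
    parts = [p for p in re.split(r"[^a-z0-9]+", rdns.lower()) if p]
    # Normalise all-digit tokens so "040" compares equal to "40".
    return [str(int(p)) if p.isdigit() else p for p in parts]

def has_whole_ip(ip, toks):
    """True if the four octets appear as consecutive tokens, forward or reversed."""
    octets = [str(int(o)) for o in ip.split(".")]
    windows = (toks[i:i + 4] for i in range(len(toks) - 3))
    return any(w == octets or w == octets[::-1] for w in windows)

def keyword_hit(ip, rdns, keywords):
    """Return the matching keyword, or None when the rule does not fire."""
    toks = tokens(rdns)
    if not has_whole_ip(ip, toks):
        return None  # a keyword without the whole IP is not enough
    for kw in keywords:
        if kw.lower() in toks:  # whole token only: "cablelink" is not "cable"
            return kw
    return None

SAMPLES = [
    # (origin_ip, origin_rdns) from the log lines quoted in the thread
    ("80.6.107.90", "cpc1-west2-0-0-cust857.brnt.cable.ntl.com"),
    ("82.19.66.39", "cpc1-rdng9-0-0-cust550.winn.cable.ntl.com"),
    # IP assumed from the name; the thread gives no origin_ip for this host
    ("77.96.122.40", "77-96-122-40.cable.ubr02.nmal.blueyonder.co.uk"),
    # constructed: whole IP present, but "cable" only inside "cablelink"
    ("192.0.2.10", "cablelink-192-0-2-10.example.net"),
]

def evaluate(keywords=("cable",)):
    """Apply the modelled rule to every sample and return (rdns, hit) pairs."""
    return [(rdns, keyword_hit(ip, rdns, keywords)) for ip, rdns in SAMPLES]

if __name__ == "__main__":
    for rdns, hit in evaluate():
        print(f"{rdns}: {'DENIED_IP_IN_RDNS' if hit else 'no keyword-rule match'}")
```

Under this model only the blueyonder name triggers the keyword rule, which agrees with what the thread reports: the two ntl.com names carry the keyword but not the connecting IP address.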
