Dear Sam, thank you for great hint. In first gues I tought root cause of problem is IP represented in DNS because it is not plain IP but dashes with leading text are used in name. I have similar entries in log like:
Apr 29 12:34:52 fw spamdyke[11641]: ALLOWED from: xx...@xxxxxxxxx to: xxx...@xxxxxx origin_ip: 88.12.245.122 origin_rdns: 122.red-88-12-245.dynamicip.rima-tde.net auth: (unknown) Going to get test, crossing my fingers Thank You Eduard [email protected] wrote on 29.04.2009 03:17:27: > You've misunderstood the meaning of the "DENIED_IP_IN_CC_RDNS" message. > That particular filter is triggered because spamdyke found the IP > address _and_ a two-letter country code. In other words, your example > was blocked because it contained the IP address and ended in ".nl". The > graylisted entry wasn't blocked because it ends in ".net". > > spamdyke searches for many different ways of putting the IP address in > the rDNS name, including reversing the octets. The full list of > patterns it checks is listed here: > http://www.spamdyke.org/documentation/README.html#RDNS > > To block dynamic hosts, enable the "ip-in-rdns-keyword-blacklist-file" > option. In the file, list a few keywords that you expect to find in > dynamic rDNS names (e.g. dhcp, dynamic, cable). When spamdyke finds the > IP address and one of those keywords, it will block the connection. > Using your example, if your keyword file contained "dsl", spamdyke would > have blocked the connection. > > There are also several RBLs that claim to block dynamic IP ranges, but I > haven't had much success with them. Matching keywords and IP addresses > has been much more fruitful for me. Your mileage may vary. > > -- Sam Clippinger > > Eduard Svarc wrote: > > > > Looking for clues, > > > > I would like reject all e-mails from dynamic IPs but seems that > > Spamdyke don't recognize all correctly like: > > > > DENIED_GRAYLISTED from: [email protected] to: > > pavel_k...@xxxxxxxx origin_ip: 99.184.238.30 origin_rdns: > > adsl-99-184-238-30.dsl.irvnca.sbcglobal.net auth: > > > > is graylisted instead denied like: > > > > DENIED_IP_IN_CC_RDNS from: [email protected] to: > > sa...@xxxxxxx origin_ip: 91.184.0.35 origin_rdns: > > 91-184-0-35.shared.hostnet.nl auth: > > > > As I see only diference is in 1st case is IP adress entered as > > reverse, but still is just plain IP. Seems that some providers trying > > to create pseudo FQDNS for theirs dynamic IPs. Denying dynamic IPs is > > great feature preventing 99% of spams, but seems it could be fooled or > > can be configured even further to intercept is? > > > > Please Help > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > spamdyke-users mailing list > > [email protected] > > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > > _______________________________________________ > spamdyke-users mailing list > [email protected] > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
_______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
