Did you find any DENIED_IP_IN_RDNS? How are the file rights? I have entered .com and .net, not only com and net.
Regards,
Ulrich

From: Eduard Svarc <[email protected]>
Reply-To: <[email protected]>, spamdyke users <[email protected]>
Date: Mon, 4 May 2009 08:32:35 +0200
To: spamdyke users <[email protected]>
Subject: Re: [spamdyke-users] Problem with DENIED_IP_IN_CC_RDNS not applied to all connections

Dears,

I did try to block incoming mails from dynamic IPs, but with partial success. I am still having a problem with:

May 4 08:19:31 fw spamdyke[21023]: DENIED_GRAYLISTED from: [email protected] to: [email protected] origin_ip: 200.83.179.199 origin_rdns: pc-199-179-83-200.cm.vtr.net auth: (unknown)

My /etc/spamdyke.conf contains the next lines:

reject-empty-rdns
reject-ip-in-cc-rdns
ip-in-rdns-keyword-blacklist-file=/etc/spamdyke.d/ip-in-rdns-keyword-blacklist-file
reject-missing-sender-mx
reject-unresolvable-rdns

and the file /etc/spamdyke.d/ip-in-rdns-keyword-blacklist-file contains:

dsl
com
net
broadband
dynamic

In most cases it does stop e-mails from DSL line subscribers, but not from all, as you see from the line above. The sender was just graylisted, not denied with DENIED_IP_IN_CC_RDNS. Maybe the problem is with the IP in DNS, because it is the exact reverse of the real IP 200.83.179.199. In DNS it is 199-177-83-200? Should SPAMDYKE check for ala-reverse IP? Any idea where I made a mistake?

Thanks in advance
Eduard

[email protected] wrote on 29.04.2009 12:46:53:

>
> Dear Sam,
>
> thank you for the great hint. At first guess I thought the root cause of
> the problem is the IP represented in DNS, because it is not a plain IP but
> dashes with leading text are used in the name. I have similar entries in
> the log like:
>
> Apr 29 12:34:52 fw spamdyke[11641]: ALLOWED from: xx...@xxxxxxxxx
> to: xxx...@xxxxxx origin_ip: 88.12.245.122
> origin_rdns: 122.red-88-12-245.dynamicip.rima-tde.net auth: (unknown)
>
> Going to get test, crossing my fingers
> Thank You
> Eduard
>
> [email protected] wrote on 29.04.2009 03:17:27:
>
> > You've misunderstood the meaning of the "DENIED_IP_IN_CC_RDNS" message.
> > That particular filter is triggered because spamdyke found the IP
> > address _and_ a two-letter country code. In other words, your example
> > was blocked because it contained the IP address and ended in ".nl". The
> > graylisted entry wasn't blocked because it ends in ".net".
> >
> > spamdyke searches for many different ways of putting the IP address in
> > the rDNS name, including reversing the octets. The full list of
> > patterns it checks is listed here:
> > http://www.spamdyke.org/documentation/README.html#RDNS
> >
> > To block dynamic hosts, enable the "ip-in-rdns-keyword-blacklist-file"
> > option. In the file, list a few keywords that you expect to find in
> > dynamic rDNS names (e.g. dhcp, dynamic, cable). When spamdyke finds the
> > IP address and one of those keywords, it will block the connection.
> > Using your example, if your keyword file contained "dsl", spamdyke would
> > have blocked the connection.
> >
> > There are also several RBLs that claim to block dynamic IP ranges, but I
> > haven't had much success with them. Matching keywords and IP addresses
> > has been much more fruitful for me. Your mileage may vary.
> >
> > -- Sam Clippinger
> >
> > Eduard Svarc wrote:
> > >
> > > Looking for clues,
> > >
> > > I would like to reject all e-mails from dynamic IPs, but it seems that
> > > Spamdyke doesn't recognize all correctly, like:
> > >
> > > DENIED_GRAYLISTED from: [email protected] to:
> > > pavel_k...@xxxxxxxx origin_ip: 99.184.238.30 origin_rdns:
> > > adsl-99-184-238-30.dsl.irvnca.sbcglobal.net auth:
> > >
> > > is graylisted instead of denied like:
> > >
> > > DENIED_IP_IN_CC_RDNS from: [email protected] to:
> > > sa...@xxxxxxx origin_ip: 91.184.0.35 origin_rdns:
> > > 91-184-0-35.shared.hostnet.nl auth:
> > >
> > > As I see it, the only difference is that in the 1st case the IP address
> > > is entered as reverse, but it is still just a plain IP. It seems that
> > > some providers are trying to create pseudo FQDNS for their dynamic IPs.
> > > Denying dynamic IPs is a great feature preventing 99% of spams, but it
> > > seems it could be fooled or can be configured even further to intercept is?
> > >
> > > Please Help
> > > ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > spamdyke-users mailing list
> > > [email protected]
> > > http://www.spamdyke.org/mailman/listinfo/spamdyke-users
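The distinction Sam describes between the country-code filter and the keyword filter, applied to the rDNS names quoted in this thread, as an added example that is not part of the original messages and is not spamdyke's code. The octet test and the substring keyword match are simplifying assumptions (the patterns spamdyke really checks are in its README), and `ip_in_rdns`, `classify` and the `PASS` label are hypothetical names.

```python
import re
from collections import Counter

# Keywords mentioned in Sam's reply (dhcp, dynamic, cable) plus "dsl".
KEYWORDS = ["dhcp", "dynamic", "cable", "dsl"]

def ip_in_rdns(ip, rdns):
    """Simplified stand-in for spamdyke's pattern list (assumption):
    every octet of the IP must appear as a number somewhere in the name,
    in any order, so reversed and split-up forms are both caught."""
    found = Counter(str(int(n)) for n in re.findall(r"\d+", rdns))
    missing = Counter(ip.split(".")) - found
    return not missing

def classify(ip, rdns, keywords=KEYWORDS):
    """Return the log code the thread associates with each filter,
    or "PASS" (hypothetical label) when neither filter applies."""
    rdns = rdns.lower().rstrip(".")
    if not ip_in_rdns(ip, rdns):
        return "PASS"
    tld = rdns.rsplit(".", 1)[-1]
    # reject-ip-in-cc-rdns: IP in the name AND a two-letter country code.
    if re.fullmatch(r"[a-z]{2}", tld):
        return "DENIED_IP_IN_CC_RDNS"
    # Keyword blacklist: IP in the name AND one listed keyword
    # (plain substring match is an assumption of this sketch).
    if any(k in rdns for k in keywords):
        return "DENIED_IP_IN_RDNS"
    return "PASS"

# origin_ip / origin_rdns pairs from the log lines in this thread,
# plus one constructed name without an embedded IP.
SAMPLES = [
    ("91.184.0.35", "91-184-0-35.shared.hostnet.nl"),
    ("99.184.238.30", "adsl-99-184-238-30.dsl.irvnca.sbcglobal.net"),
    ("200.83.179.199", "pc-199-179-83-200.cm.vtr.net"),
    ("88.12.245.122", "122.red-88-12-245.dynamicip.rima-tde.net"),
    ("192.0.2.10", "mail.example.org"),  # constructed
]

def run(samples=SAMPLES):
    return [(rdns, classify(ip, rdns)) for ip, rdns in samples]

if __name__ == "__main__":
    for rdns, verdict in run():
        print(f"{verdict:22} {rdns}")
```

Under these assumptions the `.nl` name trips the country-code filter, the `adsl-...dsl...` and `dynamicip` names trip the keyword filter, and `pc-199-179-83-200.cm.vtr.net` passes both because `.net` is not a country code and none of the four keywords occurs in it.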
