On Wed, Jan 20, 2010 at 04:16:29PM +1000, Res wrote:
> On Wed, 20 Jan 2010, Henrik K wrote:
>
>>>>>
>>>>> (?:[01257]|(?!127.0.0.)127|22[3-9]|2[3-9]\d|[12]\d{3,}|[3-9]\d\d+)\.\d+\.\d+\.\d+
>>>>
>>>> Thats crazy! It's wrong since 1/8 is now allocated, it also does not
>>>> detect most other bogon ranges, What is the point of this...
>>>> Another rule I now need to disable.
>>>
>>> Please open a bug...
>>
>> https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6295
>
> Thanks for logging that.
>
> I do think we need a better way to catch them, including the other
> 20 or so plus bogon ranges it currently ignores. I can see where DNS
> checks would be better suited (bogons.cymru.com), or, at the very least,
> a ruleset, which can be updated in the "daily updates run" when new
> ranges are allocated.
DNS checks would be overkill for a list that doesn't change that often.
http://www.team-cymru.org/Services/Bogons/ has good info, I'll probably open
up a new bug for improving RCVD_ILLEGAL_IP after it isn't hardcoded
anymore..
