Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
I'll add this to the filter list. Thanks!

-- Sam Clippinger

Arne Metzger wrote:
> Hi,
> sorry that I am pushing an older thread. I just found a new format for the IP address:
>
> May 6 23:25:13 xxx spamdyke[18356]: DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 190.25.37.99 origin_rdns: adsl190-2537099.dyn.etb.net.co auth: (unknown)
>
> Regards,
> Arne
>
> Sam Clippinger wrote:
>> spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for:
>> 11.22.33.44
>> 011.022.033.044
>> 11.022.033.044 (new in version 4.0.0)
>> 11.22.033.044 (new in version 4.0.0)
>> 11.22.33.044 (new in version 4.0.0)
>> 44.33.22.11
>> 44.11.22.33
>> 33.22.11.44
>> 44.33.1122
>> 3344.11.22
>> 11.22.8492 (last two octets converted to long integer)
>> 11223344
>> 011022033044
>> 11022033044
>> 1122033044
>> 112233044
>> 44332211
>> 044033022011
>> 185999660 (entire IP converted to long integer)
>> 0b16212c (entire IP converted to hex digits)
>> Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too.
>>
>> As for putting filter entries in the main configuration file instead of separate files, I'm a step ahead of you. :) Version 4.0.0 already contains this feature.
>>
>> -- Sam Clippinger
>>
>> Marcin Orlowski wrote:
>>> Sam Clippinger wrote:
>>>> Other connections are not being blocked because their rDNS names don't end in country codes. Instead, they use three-character TLDs like .com and .net. If you want to block those connections as well, use the ip-in-rdns-keyword-file option and put .com and .net in the keyword file.
>>>
>>> Thanks! That seems to work fine. Would it be possible to also match IPs in glued form? i.e: 11.22.33.44 = 11223344.domain not just 11.22.33.44.domain?
>>>
>>> PS: I'd love to have just one config file for spamdyke for simplicity and instead of ip-in-rdns-keyword-file put just a bunch of
>>> ip-in-rdns-keyword=.com
>>> ip-in-rdns-keyword=.net
>>> type of entries in main config file. Doable?
>>>
>>> Thanks for nice tool.
>>>
>>> Regards,

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sam Clippinger wrote:
> The defaults are described in the text of each section in the README file but not in the table that shows all of the configuration options... I didn't realize that. The defaults are printed in the help screen when you run spamdyke -h.

--max-recipients NUM
    Allow a maximum of NUM recipients per connection for non-local senders. Default: unlimited recipients per connection. NUM must be between (or equal to) 0 and 2147483647.

Well, I still have to *guess* if 0 means unlimited recipients here ;)

BTW: There's no anchor for Extra Utilities on http://spamdyke.org/documentation/README.html

Regards,
--
Daddy, what Formatting drive C: means?...
Marcin http://wfmh.org.pl/carlos/
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sorry about that. :) I've fixed the web page and the help text will be updated in version 4.0.0. Thanks!

-- Sam Clippinger

Marcin Orlowski wrote:
> Sam Clippinger wrote:
>> The defaults are described in the text of each section in the README file but not in the table that shows all of the configuration options... I didn't realize that. The defaults are printed in the help screen when you run spamdyke -h.
>
> --max-recipients NUM
>     Allow a maximum of NUM recipients per connection for non-local senders. Default: unlimited recipients per connection. NUM must be between (or equal to) 0 and 2147483647.
>
> Well, I still have to *guess* if 0 means unlimited recipients here ;)
>
> BTW: There's no anchor for Extra Utilities on http://spamdyke.org/documentation/README.html
>
> Regards,
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sam Clippinger wrote:
> I can always use help writing documentation. Let me finish making the updates for the version 4.0 changes, then I'll send them to you to see if you think they need polishing. Thanks!

BTW: documentation lacks information of default values, for options like graylist-max-secs, graylist-min-secs, etc.

Regards,
--
Daddy, what Formatting drive C: means?...
Marcin http://wfmh.org.pl/carlos/
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
The defaults are described in the text of each section in the README file but not in the table that shows all of the configuration options... I didn't realize that. The defaults are printed in the help screen when you run spamdyke -h.

I'll add the defaults to the usage section of the README file when I'm updating documentation for version 4.0.0. Thanks for pointing this out.

-- Sam Clippinger

Marcin Orlowski wrote:
> Sam Clippinger wrote:
>> I can always use help writing documentation. Let me finish making the updates for the version 4.0 changes, then I'll send them to you to see if you think they need polishing. Thanks!
>
> BTW: documentation lacks information of default values, for options like graylist-max-secs, graylist-min-secs, etc.
>
> Regards,
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sam Clippinger wrote:
> You're reading the correct section. The third and fourth paragraphs describe reject-unresolvable-rdns, which is the filter that was triggered in your example. The text doesn't actually use the term A record, instead saying that spamdyke attempts to get an IP address from the name. When I wrote it, I was trying to limit my use of jargon as much as possible. I guess I should rewrite it if it's so unclear.

It appears clearer to me now, but I think it could read a little better.

    This test only attempts to get at least one IP address from the name. It does not require the rDNS name's IP address to match the remote server's IP address.

might be replaced with

    This is done by using the rDNS name to lookup a corresponding IP address. It does not require the corresponding address to be the same as the remote server's IP address, only that the rDNS name correspond to an IP address (or more specifically, a type A DNS record) of some sort.

> Paragraphs five through ten describe ip-in-rdns-keyword-file and the last paragraph describes reject-ip-in-cc-rdns.

I think I could make those read a bit better. Let me know if you'd like me to take a stab at it and we can work it out off list.

> The two rules you're wanting are already there -- reject-unresolvable-rdns and ip-in-rdns-keyword-file. The former only checks for an A record from the rDNS name. The latter checks for the IP address in the rDNS, plus a keyword from the file.

I see that now. I think I may have been having a bit of a brain fart yesterday. ;) Thanks for clearing this up for me.

> -- Sam Clippinger
>
> Eric Shubert wrote:
>> That makes sense, but it's not what I read at http://www.spamdyke.org/documentation/README.html#RDNS I don't see anything there about looking up a corresponding DNS A record. Is the documentation perhaps out of date? (or am I losing it?) ;)
>>
>> Do we perhaps need 2 parameter/rules? One for when the rDNS record does not contain an IP address, and another for when there is no DNS A record for the address that's found?
>>
>> Sam Clippinger wrote:
>>> Your example was not rejected by the ip-in-rdns-keyword-file filter. It was rejected by the reject-unresolvable-rdns filter because the rDNS name does not resolve to an IP address (a DNS A record). In other words, ping ihsystem-65-182-166-90.pugmarks.net will fail with unknown host.
>>>
>>> -- Sam Clippinger
>>>
>>> Eric Shubert wrote:
>>>> I don't understand (after having read the documentation) why the example I showed was rejected then. Please explain.
>>>>
>>>> Sam Clippinger wrote:
>>>>> Sorry, I should have mentioned that the dots in the formats I listed can actually be any non-alphanumeric character (dashes, underscores, etc).
>>>>>
>>>>> -- Sam Clippinger
>>>>>
>>>>> Eric Shubert wrote:
>>>>>> Sam Clippinger wrote:
>>>>>>> spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for:
>>>>>>> 11.22.33.44
>>>>>>> 011.022.033.044
>>>>>>> 11.022.033.044 (new in version 4.0.0)
>>>>>>> 11.22.033.044 (new in version 4.0.0)
>>>>>>> 11.22.33.044 (new in version 4.0.0)
>>>>>>> 44.33.22.11
>>>>>>> 44.11.22.33
>>>>>>> 33.22.11.44
>>>>>>> 44.33.1122
>>>>>>> 3344.11.22
>>>>>>> 11.22.8492 (last two octets converted to long integer)
>>>>>>> 11223344
>>>>>>> 011022033044
>>>>>>> 11022033044
>>>>>>> 1122033044
>>>>>>> 112233044
>>>>>>> 44332211
>>>>>>> 044033022011
>>>>>>> 185999660 (entire IP converted to long integer)
>>>>>>> 0b16212c (entire IP converted to hex digits)
>>>>>>> Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too.
>>>>>>
>>>>>> Here's another one for you Sam:
>>>>>> 04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns: ihsystem-65-182-166-90.pugmarks.net auth: (unknown)

--
-Eric 'shubes'
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
I can always use help writing documentation. Let me finish making the updates for the version 4.0 changes, then I'll send them to you to see if you think they need polishing. Thanks!

-- Sam Clippinger

Eric Shubert wrote:
> Sam Clippinger wrote:
>> You're reading the correct section. The third and fourth paragraphs describe reject-unresolvable-rdns, which is the filter that was triggered in your example. The text doesn't actually use the term A record, instead saying that spamdyke attempts to get an IP address from the name. When I wrote it, I was trying to limit my use of jargon as much as possible. I guess I should rewrite it if it's so unclear.
>
> It appears clearer to me now, but I think it could read a little better.
>
>     This test only attempts to get at least one IP address from the name. It does not require the rDNS name's IP address to match the remote server's IP address.
>
> might be replaced with
>
>     This is done by using the rDNS name to lookup a corresponding IP address. It does not require the corresponding address to be the same as the remote server's IP address, only that the rDNS name correspond to an IP address (or more specifically, a type A DNS record) of some sort.
>
>> Paragraphs five through ten describe ip-in-rdns-keyword-file and the last paragraph describes reject-ip-in-cc-rdns.
>
> I think I could make those read a bit better. Let me know if you'd like me to take a stab at it and we can work it out off list.
>
>> The two rules you're wanting are already there -- reject-unresolvable-rdns and ip-in-rdns-keyword-file. The former only checks for an A record from the rDNS name. The latter checks for the IP address in the rDNS, plus a keyword from the file.
>
> I see that now. I think I may have been having a bit of a brain fart yesterday. ;) Thanks for clearing this up for me.
>
>> -- Sam Clippinger
>>
>> Eric Shubert wrote:
>>> That makes sense, but it's not what I read at http://www.spamdyke.org/documentation/README.html#RDNS I don't see anything there about looking up a corresponding DNS A record. Is the documentation perhaps out of date? (or am I losing it?) ;)
>>>
>>> Do we perhaps need 2 parameter/rules? One for when the rDNS record does not contain an IP address, and another for when there is no DNS A record for the address that's found?
>>>
>>> Sam Clippinger wrote:
>>>> Your example was not rejected by the ip-in-rdns-keyword-file filter. It was rejected by the reject-unresolvable-rdns filter because the rDNS name does not resolve to an IP address (a DNS A record). In other words, ping ihsystem-65-182-166-90.pugmarks.net will fail with unknown host.
>>>>
>>>> -- Sam Clippinger
>>>>
>>>> Eric Shubert wrote:
>>>>> I don't understand (after having read the documentation) why the example I showed was rejected then. Please explain.
>>>>>
>>>>> Sam Clippinger wrote:
>>>>>> Sorry, I should have mentioned that the dots in the formats I listed can actually be any non-alphanumeric character (dashes, underscores, etc).
>>>>>>
>>>>>> -- Sam Clippinger
>>>>>>
>>>>>> Eric Shubert wrote:
>>>>>>> Sam Clippinger wrote:
>>>>>>>> spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for:
>>>>>>>> 11.22.33.44
>>>>>>>> 011.022.033.044
>>>>>>>> 11.022.033.044 (new in version 4.0.0)
>>>>>>>> 11.22.033.044 (new in version 4.0.0)
>>>>>>>> 11.22.33.044 (new in version 4.0.0)
>>>>>>>> 44.33.22.11
>>>>>>>> 44.11.22.33
>>>>>>>> 33.22.11.44
>>>>>>>> 44.33.1122
>>>>>>>> 3344.11.22
>>>>>>>> 11.22.8492 (last two octets converted to long integer)
>>>>>>>> 11223344
>>>>>>>> 011022033044
>>>>>>>> 11022033044
>>>>>>>> 1122033044
>>>>>>>> 112233044
>>>>>>>> 44332211
>>>>>>>> 044033022011
>>>>>>>> 185999660 (entire IP converted to long integer)
>>>>>>>> 0b16212c (entire IP converted to hex digits)
>>>>>>>> Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too.
>>>>>>>
>>>>>>> Here's another one for you Sam:
>>>>>>> 04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns: ihsystem-65-182-166-90.pugmarks.net auth: (unknown)
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
This behavior is correct. The reject-ip-in-cc-rdns option will only block a connection if it meets two criteria:
1) The IP address must be part of the rDNS name.
2) The rDNS name must end in a two-character country code.

That's why you're seeing some connections being blocked -- their rDNS names end in country codes like .tr, .md and .ar.

Other connections are not being blocked because their rDNS names don't end in country codes. Instead, they use three-character TLDs like .com and .net. If you want to block those connections as well, use the ip-in-rdns-keyword-file option and put .com and .net in the keyword file.

-- Sam Clippinger

Marcin Orlowski wrote:
> Hi,
> I am running latest spamdyke on couple of boxes with just plain config like:
>
> log-level=2
> reject-empty-rdns
> reject-unresolvable-rdns
> reject-ip-in-cc-rdns
> greeting-delay-secs=5
>
> but when I check the logs I see that DENIED_IP_IN_CC_RDNS does not work as expected. At the same time I see entries like:
>
> Apr 22 00:53:12 b1 spamdyke[24736]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 85.107.109.226 origin_rdns: dsl85-107-28130.ttnet.net.tr auth: (unknown)
> Apr 22 00:53:12 b1 spamdyke[24732]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 87.248.169.195 origin_rdns: 87-248-169-195.starnet.md auth: (unknown)
> Apr 22 00:53:27 b1 spamdyke[24738]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 190.55.105.219 origin_rdns: cpe-190-55-105-219.telecentro.com.ar auth: (unknown)
> Apr 22 00:53:29 b1 spamdyke[24740]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 190.173.222.12 origin_rdns: 190-173-222-12.speedy.com.ar auth: (unknown)
> Apr 22 00:53:52 b1 spamdyke[24743]: DENIED_IP_IN_CC_RDNS from: [EMAIL PROTECTED] to: XX origin_ip: 190.55.105.219 origin_rdns: cpe-190-55-105-219.telecentro.com.ar auth: (unknown)
>
> but also these:
>
> Apr 22 00:51:30 b1 spamdyke[23611]: ALLOWED from: [EMAIL PROTECTED] to: XX origin_ip: 68.38.167.167 origin_rdns: c-68-38-167-167.hsd1.nj.comcast.net auth: (unknown)
> Apr 22 00:51:31 b1 spamdyke[23612]: ALLOWED from: [EMAIL PROTECTED] to: XX origin_ip: 65.83.199.240 origin_rdns: adsl-83-199-240.asm.bellsouth.net auth: (unknown)
> Apr 22 00:51:39 b1 spamdyke[23742]: ALLOWED from: [EMAIL PROTECTED] to: XX origin_ip: 64.237.158.67 origin_rdns: adsl-64-237-158-67.prtc.net auth: (unknown)
> Apr 22 00:51:42 b1 spamdyke[23744]: ALLOWED from: (unknown) to: XX origin_ip: 146.82.152.68 origin_rdns: mman.smacek.com auth: (unknown)
> Apr 22 00:52:21 b1 spamdyke[23999]: ALLOWED from: [EMAIL PROTECTED] to: XX origin_ip: 72.82.207.15 origin_rdns: pool-72-82-207-15.cmdnnj.east.verizon.net auth: (unknown)
>
> which, to my understanding, should be already trapped in DENIED_IP_IN_CC_RDNS but passed. It looks as spamdyke gets fooled sometimes when, perhaps, there is a letter prefix with dash prior the ip in rdns? Bug or feature?
>
> Thanks,
> Marcin
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sam Clippinger wrote:
> This behavior is correct. The reject-ip-in-cc-rdns option will only

I just found out that leading zero fools this filter:

111.222.111.33 = 111-222-11-033.domain

pass while it should not

Regards,
--
Daddy, what Formatting drive C: means?...
Marcin http://wfmh.org.pl/carlos/
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sam Clippinger wrote:
> Other connections are not being blocked because their rDNS names don't end in country codes. Instead, they use three-character TLDs like .com and .net. If you want to block those connections as well, use the ip-in-rdns-keyword-file option and put .com and .net in the keyword file.

That would match the string anywhere in the rdns string though, not only at the end. Might this be a(nother) reason to implement regex matching? (e.g. \.com$)

--
-Eric 'shubes'
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for:

    11.22.33.44
    011.022.033.044
    11.022.033.044 (new in version 4.0.0)
    11.22.033.044 (new in version 4.0.0)
    11.22.33.044 (new in version 4.0.0)
    44.33.22.11
    44.11.22.33
    33.22.11.44
    44.33.1122
    3344.11.22
    11.22.8492 (last two octets converted to long integer)
    11223344
    011022033044
    11022033044
    1122033044
    112233044
    44332211
    044033022011
    185999660 (entire IP converted to long integer)
    0b16212c (entire IP converted to hex digits)

Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too.

As for putting filter entries in the main configuration file instead of separate files, I'm a step ahead of you. :) Version 4.0.0 already contains this feature.

-- Sam Clippinger

Marcin Orlowski wrote:
> Sam Clippinger wrote:
>> Other connections are not being blocked because their rDNS names don't end in country codes. Instead, they use three-character TLDs like .com and .net. If you want to block those connections as well, use the ip-in-rdns-keyword-file option and put .com and .net in the keyword file.
>
> Thanks! That seems to work fine. Would it be possible to also match IPs in glued form? i.e: 11.22.33.44 = 11223344.domain not just 11.22.33.44.domain?
>
> PS: I'd love to have just one config file for spamdyke for simplicity and instead of ip-in-rdns-keyword-file put just a bunch of
> ip-in-rdns-keyword=.com
> ip-in-rdns-keyword=.net
> type of entries in main config file. Doable?
>
> Thanks for nice tool.
>
> Regards,
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
I see. I still think that regex's are more intuitive/flexible though. ;)

Sam Clippinger wrote:
> If the entry starts with a dot, it will only match the end of the rDNS name. If there is no dot, it will match anywhere in the name.
>
> -- Sam Clippinger
>
> Eric Shubert wrote:
>> Sam Clippinger wrote:
>>> Other connections are not being blocked because their rDNS names don't end in country codes. Instead, they use three-character TLDs like .com and .net. If you want to block those connections as well, use the ip-in-rdns-keyword-file option and put .com and .net in the keyword file.
>>
>> That would match the string anywhere in the rdns string though, not only at the end. Might this be a(nother) reason to implement regex matching? (e.g. \.com$)

--
-Eric 'shubes'
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sam Clippinger wrote:
> spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for:
> 11.22.33.44
> 011.022.033.044
> 11.022.033.044 (new in version 4.0.0)
> 11.22.033.044 (new in version 4.0.0)
> 11.22.33.044 (new in version 4.0.0)
> 44.33.22.11
> 44.11.22.33
> 33.22.11.44
> 44.33.1122
> 3344.11.22
> 11.22.8492 (last two octets converted to long integer)
> 11223344
> 011022033044
> 11022033044
> 1122033044
> 112233044
> 44332211
> 044033022011
> 185999660 (entire IP converted to long integer)
> 0b16212c (entire IP converted to hex digits)
> Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too.

Here's another one for you Sam:
04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns: ihsystem-65-182-166-90.pugmarks.net auth: (unknown)

--
-Eric 'shubes'
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sorry, I should have mentioned that the dots in the formats I listed can actually be any non-alphanumeric character (dashes, underscores, etc).

-- Sam Clippinger

Eric Shubert wrote:
> Sam Clippinger wrote:
>> spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for:
>> 11.22.33.44
>> 011.022.033.044
>> 11.022.033.044 (new in version 4.0.0)
>> 11.22.033.044 (new in version 4.0.0)
>> 11.22.33.044 (new in version 4.0.0)
>> 44.33.22.11
>> 44.11.22.33
>> 33.22.11.44
>> 44.33.1122
>> 3344.11.22
>> 11.22.8492 (last two octets converted to long integer)
>> 11223344
>> 011022033044
>> 11022033044
>> 1122033044
>> 112233044
>> 44332211
>> 044033022011
>> 185999660 (entire IP converted to long integer)
>> 0b16212c (entire IP converted to hex digits)
>> Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too.
>
> Here's another one for you Sam:
> 04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns: ihsystem-65-182-166-90.pugmarks.net auth: (unknown)
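
The matching rules described across this thread (the listed IP formats, separators being any non-alphanumeric character, the two criteria for reject-ip-in-cc-rdns, and the leading-dot rule for keyword entries), written out as an added Python example that is not spamdyke's own code and not part of any message above. All function names are hypothetical; it assumes an unanchored substring search and treats any two-letter final label as a country code, and the sample pairs are copied from log lines quoted in the thread.

```python
import re

SEP = "[^a-z0-9]"  # the thread: dots "can actually be any non-alphanumeric character"


def ip_token_forms(ip):
    """Token sequences for every format in the list quoted in the thread."""
    a, b, c, d = (int(part) for part in ip.split("."))
    s = [str(n) for n in (a, b, c, d)]      # plain octets
    z = ["%03d" % n for n in (a, b, c, d)]  # zero-padded octets
    forms = []
    for k in range(5):
        # Pad the last k octets: k=0 is 11.22.33.44, k=1 is 11.22.33.044,
        # ... k=4 is 011.022.033.044; each also appears glued together.
        octets = s[:4 - k] + z[4 - k:]
        forms.append(octets)
        forms.append(["".join(octets)])
    forms += [
        [s[3], s[2], s[1], s[0]],                     # 44.33.22.11
        [s[3], s[0], s[1], s[2]],                     # 44.11.22.33
        [s[2], s[1], s[0], s[3]],                     # 33.22.11.44
        [s[3], s[2], s[0] + s[1]],                    # 44.33.1122
        [s[2] + s[3], s[0], s[1]],                    # 3344.11.22
        [s[0], s[1], str(c * 256 + d)],               # 11.22.8492
        ["".join(reversed(s))],                       # 44332211
        ["".join(reversed(z))],                       # 044033022011
        [str((a << 24) | (b << 16) | (c << 8) | d)],  # 185999660
        ["%02x%02x%02x%02x" % (a, b, c, d)],          # 0b16212c
    ]
    return forms


def ip_in_rdns(ip, rdns):
    """True if any listed form of ip occurs in the rDNS name (assumed: unanchored search)."""
    name = rdns.lower()
    return any(re.search(SEP.join(tokens), name) for tokens in ip_token_forms(ip))


def ends_in_country_code(rdns):
    # Assumption: any two-letter final label is treated as a country code.
    return re.search(r"\.[a-z]{2}$", rdns.lower().rstrip(".")) is not None


def keyword_matches(rdns, keywords):
    """Entry with a leading dot: match only the end of the name; otherwise anywhere."""
    name = rdns.lower().rstrip(".")
    for kw in (k.lower() for k in keywords):
        hit = name.endswith(kw) if kw.startswith(".") else (kw in name)
        if hit:
            return True
    return False


def triggered_filter(ip, rdns, keywords=()):
    """Return the option name that would reject this connection, or None."""
    if not ip_in_rdns(ip, rdns):
        return None
    if ends_in_country_code(rdns):
        return "reject-ip-in-cc-rdns"
    if keyword_matches(rdns, keywords):
        return "ip-in-rdns-keyword-file"
    return None


# (origin_ip, origin_rdns) pairs copied from the log lines quoted in the thread.
SAMPLES = [
    ("85.107.109.226", "dsl85-107-28130.ttnet.net.tr"),
    ("190.55.105.219", "cpe-190-55-105-219.telecentro.com.ar"),
    ("68.38.167.167", "c-68-38-167-167.hsd1.nj.comcast.net"),
    ("65.83.199.240", "adsl-83-199-240.asm.bellsouth.net"),
    ("190.25.37.99", "adsl190-2537099.dyn.etb.net.co"),
]

if __name__ == "__main__":
    for ip, rdns in SAMPLES:
        print(ip, rdns, triggered_filter(ip, rdns, [".com", ".net"]))
```

The last two samples return None under every listed format: one rDNS name carries only three of the four octets, and the other uses the `190-2537099` layout reported in the thread as a new format.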
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
Sam Clippinger wrote:
> spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for:
> 11.22.33.44
> 011.022.033.044
> [...]
> As for putting filter entries in the main configuration file instead of separate files, I'm a step ahead of you. :) Version 4.0.0 already contains this feature.

What about option to allow matching i.e. 3 (or maybe even 2) parts of IP address? Pretty often seen, i.e.

11.22.33.44 = 44.33.22.foo.bar

or (just seen in logs)

11.22.33.44 = host44-33-dynamic.22-11-x.foo
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
That makes sense, but it's not what I read at http://www.spamdyke.org/documentation/README.html#RDNS I don't see anything there about looking up a corresponding DNS A record. Is the documentation perhaps out of date? (or am I losing it?) ;)

Do we perhaps need 2 parameter/rules? One for when the rDNS record does not contain an IP address, and another for when there is no DNS A record for the address that's found?

Sam Clippinger wrote:
> Your example was not rejected by the ip-in-rdns-keyword-file filter. It was rejected by the reject-unresolvable-rdns filter because the rDNS name does not resolve to an IP address (a DNS A record). In other words, ping ihsystem-65-182-166-90.pugmarks.net will fail with unknown host.
>
> -- Sam Clippinger
>
> Eric Shubert wrote:
>> I don't understand (after having read the documentation) why the example I showed was rejected then. Please explain.
>>
>> Sam Clippinger wrote:
>>> Sorry, I should have mentioned that the dots in the formats I listed can actually be any non-alphanumeric character (dashes, underscores, etc).
>>>
>>> -- Sam Clippinger
>>>
>>> Eric Shubert wrote:
>>>> Sam Clippinger wrote:
>>>>> spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for:
>>>>> 11.22.33.44
>>>>> 011.022.033.044
>>>>> 11.022.033.044 (new in version 4.0.0)
>>>>> 11.22.033.044 (new in version 4.0.0)
>>>>> 11.22.33.044 (new in version 4.0.0)
>>>>> 44.33.22.11
>>>>> 44.11.22.33
>>>>> 33.22.11.44
>>>>> 44.33.1122
>>>>> 3344.11.22
>>>>> 11.22.8492 (last two octets converted to long integer)
>>>>> 11223344
>>>>> 011022033044
>>>>> 11022033044
>>>>> 1122033044
>>>>> 112233044
>>>>> 44332211
>>>>> 044033022011
>>>>> 185999660 (entire IP converted to long integer)
>>>>> 0b16212c (entire IP converted to hex digits)
>>>>> Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too.
>>>>
>>>> Here's another one for you Sam:
>>>> 04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns: ihsystem-65-182-166-90.pugmarks.net auth: (unknown)

--
-Eric 'shubes'
Re: [spamdyke-users] problems with DENIED_IP_IN_CC_RDNS
You're reading the correct section. The third and fourth paragraphs describe reject-unresolvable-rdns, which is the filter that was triggered in your example. The text doesn't actually use the term A record, instead saying that spamdyke attempts to get an IP address from the name. When I wrote it, I was trying to limit my use of jargon as much as possible. I guess I should rewrite it if it's so unclear.

Paragraphs five through ten describe ip-in-rdns-keyword-file and the last paragraph describes reject-ip-in-cc-rdns.

The two rules you're wanting are already there -- reject-unresolvable-rdns and ip-in-rdns-keyword-file. The former only checks for an A record from the rDNS name. The latter checks for the IP address in the rDNS, plus a keyword from the file.

-- Sam Clippinger

Eric Shubert wrote:
> That makes sense, but it's not what I read at http://www.spamdyke.org/documentation/README.html#RDNS I don't see anything there about looking up a corresponding DNS A record. Is the documentation perhaps out of date? (or am I losing it?) ;)
>
> Do we perhaps need 2 parameter/rules? One for when the rDNS record does not contain an IP address, and another for when there is no DNS A record for the address that's found?
>
> Sam Clippinger wrote:
>> Your example was not rejected by the ip-in-rdns-keyword-file filter. It was rejected by the reject-unresolvable-rdns filter because the rDNS name does not resolve to an IP address (a DNS A record). In other words, ping ihsystem-65-182-166-90.pugmarks.net will fail with unknown host.
>>
>> -- Sam Clippinger
>>
>> Eric Shubert wrote:
>>> I don't understand (after having read the documentation) why the example I showed was rejected then. Please explain.
>>>
>>> Sam Clippinger wrote:
>>>> Sorry, I should have mentioned that the dots in the formats I listed can actually be any non-alphanumeric character (dashes, underscores, etc).
>>>>
>>>> -- Sam Clippinger
>>>>
>>>> Eric Shubert wrote:
>>>>> Sam Clippinger wrote:
>>>>>> spamdyke looks for the IP address in many different formats. If the IP address is 11.22.33.44, it looks for:
>>>>>> 11.22.33.44
>>>>>> 011.022.033.044
>>>>>> 11.022.033.044 (new in version 4.0.0)
>>>>>> 11.22.033.044 (new in version 4.0.0)
>>>>>> 11.22.33.044 (new in version 4.0.0)
>>>>>> 44.33.22.11
>>>>>> 44.11.22.33
>>>>>> 33.22.11.44
>>>>>> 44.33.1122
>>>>>> 3344.11.22
>>>>>> 11.22.8492 (last two octets converted to long integer)
>>>>>> 11223344
>>>>>> 011022033044
>>>>>> 11022033044
>>>>>> 1122033044
>>>>>> 112233044
>>>>>> 44332211
>>>>>> 044033022011
>>>>>> 185999660 (entire IP converted to long integer)
>>>>>> 0b16212c (entire IP converted to hex digits)
>>>>>> Basically, these are all the different formats I've seen in real life. As people report new ones, I add them too.
>>>>>
>>>>> Here's another one for you Sam:
>>>>> 04-16 13:01:22 DENIED_RDNS_RESOLVE from: [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 65.182.166.90 origin_rdns: ihsystem-65-182-166-90.pugmarks.net auth: (unknown)