http://bugzilla.spamassassin.org/show_bug.cgi?id=3200

           Summary: new rules: dynamic/no-rDNS-for-IP
           Product: Spamassassin
           Version: unspecified
          Platform: All
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Rules
        AssignedTo: [EMAIL PROTECTED]
        ReportedBy: [EMAIL PROTECTED]


The following rules are attempting to mark incoming mail coming in
directly from dynamic/dialup/cable/dsl IPs. Unfortunately, some of
the header semantics (like "(may be forged)") are Sendmail-specific,
and all rely on a match for the receiving host (here: "by conti.nu").
Maybe someone can suggest a way of re-writing this into written
code, to match only on the first "trusted" header line?

Something tells me that we should be applying a lot of DNSBL tests
only on such specific header lines, too.


# conti.nu-specific
header  RX_DYN_HOST_CUSTOM      Received =~ /(?:ppp.*?|dialup.*?|dial|.dsl|.*?adsl.*?|\.cable|\.modem|\.pool.*?|\.dyn|\.dynamic|\.abo|\.client|\..*?-ip|\...\.shawcable\.net|\.in-addr|\.cablemodem|dhcp.*?|resnet)\..*?\..*by conti.nu /i
describe RX_DYN_HOST_CUSTOM     Received directly from dialup/cable/dsl host (custom rule)
score   RX_DYN_HOST_CUSTOM      2.0

# conti.nu-specific
# with 4 numeric elements concatenated with a hyphen - too strict?
# header        RX_DYN_HOST2_CUSTOM     Received =~ /\(.*\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}.*\).*by conti.nu /i
# with 3 numeric elements concatenated with a hyphen - seen quite often, such as in:
#       m235.net81-64-119.noos.fr [81.64.119.235]
header  __RX_DYN_HOST2_CUSTOM   Received =~ /\(.*\d{1,3}-\d{1,3}-\d{1,3}.*\).*by conti.nu /i
# but do not score if we already matched the dialup/cable/DSL rule
meta    RX_DYN_HOST2_CUSTOM     (__RX_DYN_HOST2_CUSTOM && !RX_DYN_HOST_CUSTOM)
describe RX_DYN_HOST2_CUSTOM    Received directly from host with script-generated rDNS name (custom rule)
score   RX_DYN_HOST2_CUSTOM     2.0

# conti.nu-specific
header  RX_FROM_NODNS_HOST      Received =~ /\(\[\d+\.\d+\.\d+\.\d+\]\).*by conti.nu /i
describe RX_FROM_NODNS_HOST     Received directly from host with no rDNS (custom rule)
score   RX_FROM_NODNS_HOST      2.0

# conti.nu-specific
header  RX_FROM_FORGEDDNS_HOST  Received =~ /\(.*?\[\d+\.\d+\.\d+\.\d+\] \(may be forged\)\).*by conti.nu /i
describe RX_FROM_FORGEDDNS_HOST Received directly from host with forged rDNS (custom rule)
score   RX_FROM_FORGEDDNS_HOST  1.5



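An added example (Python, not part of the original report and not SpamAssassin code) of the approach the report asks about: the checks run only on the topmost Received header, the one the receiving MTA itself wrote, rather than on every Received header in the message. The function name, the simplified keyword list and the sample headers are assumptions, and it expects the Sendmail-style "from HELO (rdns [ip]) by host" layout.

```python
import re

# Sendmail-style relay clause: from HELO (rdns [ip] (may be forged)) by HOST
RELAY = re.compile(
    r"^from\s+\S+\s+\((?:(?P<rdns>[\w.-]+)\s+)?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
    r"(?P<forged>\s+\(may be forged\))?\)\s+by\s+(?P<by>[\w.-]+)", re.I)
# Simplified keyword list (assumption), not a port of RX_DYN_HOST_CUSTOM's regex.
DYN_WORD = re.compile(
    r"(?:^|[.-])(?:ppp|dial(?:up)?|a?dsl|cable(?:modem)?|modem|pool|"
    r"dyn(?:amic)?|dhcp|client|resnet)[\w-]*\.", re.I)
NUMERIC_RUN = re.compile(r"\d{1,3}-\d{1,3}-\d{1,3}")  # as in __RX_DYN_HOST2_CUSTOM


def classify_relay(received_headers, local_host):
    """received_headers: Received values, topmost (most recent) first."""
    if not received_headers:
        return []
    top = re.sub(r"\r?\n[ \t]+", " ", received_headers[0]).strip()  # unfold
    m = RELAY.match(top)
    # Only the header stamped by our own MTA is trusted; anything below it
    # was supplied by the sending side and can be forged.
    if not m or m.group("by").lower() != local_host.lower():
        return []
    rdns = m.group("rdns")
    if rdns is None:
        return ["RX_FROM_NODNS_HOST"]
    hits = []
    if m.group("forged"):
        hits.append("RX_FROM_FORGEDDNS_HOST")
    if DYN_WORD.search(rdns):
        hits.append("RX_DYN_HOST_CUSTOM")
    elif NUMERIC_RUN.search(rdns):  # like the meta rule: skip if keyword rule hit
        hits.append("RX_DYN_HOST2_CUSTOM")
    return hits


# Constructed sample headers; only the noos.fr name/IP comes from the report.
SCRIPTED = ["from mail.example.org (m235.net81-64-119.noos.fr [81.64.119.235])\n"
            "\tby conti.nu (8.12.10/8.12.10) with ESMTP id CONSTRUCTED1"]
NO_RDNS = ["from foo ([192.0.2.7]) by conti.nu (8.12.10) with SMTP"]
FORGED_DIALUP = ["from bar (ppp-12.dialup.example.net [198.51.100.9] "
                 "(may be forged)) by conti.nu (8.12.10) with SMTP"]
# Clean direct relay on top, a sender-supplied header claiming "by conti.nu" below.
FAKE_BELOW = ["from mx.example.com (mx.example.com [203.0.113.5]) by conti.nu",
              "from x ([192.0.2.7]) by conti.nu"]

if __name__ == "__main__":
    for hdrs in (SCRIPTED, NO_RDNS, FORGED_DIALUP, FAKE_BELOW):
        print(classify_relay(hdrs, "conti.nu"))
```

A header that carries an ident (`user@host [ip]`) or comes from a non-Sendmail MTA does not match `RELAY` and yields no hits, so the pattern needs adapting per receiving MTA.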