On 3/5/2010 6:05 AM, Stan Hoeppner wrote:
Noel Jones put forth on 3/4/2010 2:51 PM:
The idea is that this might increase rhsbl hit rates if the hostname is
more frequently available.  On the other hand, spam-only domains seem to
usually have verifiable hostnames, so I'm not sure how much this will
really help.

I don't quite follow your second statement here.  Isn't this patch supposed
to grab the domain name from the client's rDNS name?  Snowshoe spammers


By "help" I mean catch spam that would not be caught by the existing reject_rhsbl_client, i.e. domains with spammy rDNS but no matching A record logged as "unknown".

Seems to me that most dedicated-spam domains are careful to set up proper FCRDNS; this patch won't have any *additional* effect on those domains. But it might help catch some. In two days of using dbl.spamhaus I've had exactly 3 hits on client names; all had proper FCRDNS and would have been rejected with the existing rhsbl code. Hopefully this will improve.

On the other hand, one could argue that it is proper to always use the unverified reverse client for rhsbl lookups and the existing reject_rhsbl_client is too strict. I have trouble imagining a case where using the unverified reverse name would lead to a false positive.

  -- Noel Jones
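
An added illustration, not part of the original message or of the Postfix source: a small Python model of the two lookups compared in this thread, one keyed on the FCrDNS-verified client name and one on the unverified reverse name. The DNS data, the list zone `rhsbl.example` and all function names are constructed for the example, and the list is matched on the exact hostname for simplicity.

```python
# Constructed DNS data (documentation address range, example domains).
PTR = {
    "192.0.2.10": "mail.spam-a.example",
    "192.0.2.20": "mx.spam-b.example",
    # 192.0.2.30 has no PTR record at all
}
A = {
    "mail.spam-a.example": {"192.0.2.10"},  # forward matches: FCrDNS passes
    "mx.spam-b.example": set(),             # no matching A: FCrDNS fails
}
RHSBL_ZONE = "rhsbl.example"                # hypothetical list zone
LISTED = {                                  # names the constructed list answers for
    "mail.spam-a.example.rhsbl.example",
    "mx.spam-b.example.rhsbl.example",
}

def reverse_name(ip):
    """Unverified reverse name: whatever the PTR record says, or None."""
    return PTR.get(ip)

def verified_name(ip):
    """FCrDNS: the PTR name counts only if its A records include the IP.
    Otherwise the client name is "unknown", as in the log entries
    mentioned in the message."""
    name = PTR.get(ip)
    if name and ip in A.get(name, set()):
        return name
    return "unknown"

def rhsbl_listed(name):
    """Model of an RHSBL query: is <name>.<zone> present in the list?"""
    return f"{name}.{RHSBL_ZONE}" in LISTED

def check_verified(ip):
    """Lookup keyed on the verified name; nothing to query when 'unknown'."""
    name = verified_name(ip)
    return name != "unknown" and rhsbl_listed(name)

def check_reverse(ip):
    """Lookup keyed on the unverified reverse name."""
    name = reverse_name(ip)
    return name is not None and rhsbl_listed(name)

def compare(ips):
    """Map each IP to (hit with verified name, hit with reverse name)."""
    return {ip: (check_verified(ip), check_reverse(ip)) for ip in ips}

if __name__ == "__main__":
    for ip, hits in compare(["192.0.2.10", "192.0.2.20", "192.0.2.30"]).items():
        print(ip, hits)
```

Only the second address, with a listed PTR name but no matching A record, is treated differently by the two checks; a client with proper FCrDNS is caught either way.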
