On 1/30/2014 7:17 PM, li...@sbt.net.au wrote:
> my pre configured Postfix included these helo_access.pcre rejects;
> 
> today, I noticed an expected email was bounced by one of the
> pre-configured rules as so:
> 
> Jan 31 10:08:01 emu postfix/smtpd[11075]: NOQUEUE: reject: RCPT from
> unknown[59.167.231.218]: 554 5.7.1 <eth6619.nsw.adsl.internode.on.net>:
> Helo command rejected: Go away, bad guy (adsl).; from=<hele...@tld.com.au>
> to=<voy...@tld.net.au> proto=ESMTP
> helo=<eth6619.nsw.adsl.internode.on.net>
> 
> host 59.167.231.218
> 218.231.167.59.in-addr.arpa domain name pointer ns3.cipaname.com.
> 
> before I contact the sender to tell them "you are misconfigured";

Bizarre setup on that IP.
# host eth6619.nsw.adsl.internode.on.net
eth6619.nsw.adsl.internode.on.net has address 59.167.235.218
# host 59.167.231.218
218.231.167.59.in-addr.arpa domain name pointer ns3.cipaname.com.
# host ns3.cipaname.com.
Host ns3.cipaname.com. not found: 3(NXDOMAIN)

There are some legit static IP servers with a hostname containing
/adsl/, so you'll need to watch out for false positives. How much of
a problem that is will be site specific.

You might look at http://www.hardwarefreak.com/fqrdns.pcre



  -- Noel Jones

> 
> are these rules below:
> 
> 'pretty good idea with little chance of false positives' ?
> or 'not such a good reject idea with a lot of chance of false positives' ?
> 
> thanks
> 
> ..from helo_access.pcre..
> 
> # Reject adsl spammers.
> #
> /adsl/                      REJECT Go away, bad guy (adsl).
> /dynamic/                   REJECT Go away, bad guy (dynamic)
> /\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}/   REJECT Go away (dynamic).
> /pppoe/                     REJECT Go away, bad guy (pppoe).
> /dsl\.brasiltelecom\.net\.br/   REJECT Go away, bad guy (dsl.optinet.hr)
> /dsl\.optinet\.hr/          REJECT Go away, bad guy (dsl.telesp.net.br)
> /dsl\.telesp\.net\.br/      REJECT Go away, bad guy (dialog)
> /dialup/                    REJECT Go away, bad guy (dialup)
> /dhcp/                      REJECT Go away, bad guy (dhcp)
> /dhcp\.stls\.mo\.charter\.com/  REJECT Go away, bad guy (dhcp.stls.mo.charter.com)
> /pool-/                     REJECT Go away, bad guy (pool-)
> /^cpe-/                     REJECT Go away, bad guy (cpe-)
> /\.cpe\./                   REJECT Go away, bad guy (.cpe.)
> 
> 
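
Added example, not part of the original thread: a dry run of the generic patterns from the quoted helo_access.pcre against a list of HELO names, showing which rule would reject each one so false positives can be spotted before a rule goes live. Python's `re` stands in for PCRE here, the function names are hypothetical, and every sample name except the one from the log line is constructed.

```python
import re

# Generic patterns copied from the quoted helo_access.pcre excerpt
# (the ISP-specific entries are left out).
RULES_TEXT = r"""
/adsl/                      REJECT Go away, bad guy (adsl).
/dynamic/                   REJECT Go away, bad guy (dynamic)
/\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}/   REJECT Go away (dynamic).
/pppoe/                     REJECT Go away, bad guy (pppoe).
/dialup/                    REJECT Go away, bad guy (dialup)
/dhcp/                      REJECT Go away, bad guy (dhcp)
/pool-/                     REJECT Go away, bad guy (pool-)
/^cpe-/                     REJECT Go away, bad guy (cpe-)
/\.cpe\./                   REJECT Go away, bad guy (.cpe.)
"""

def load_rules(text):
    """Parse '/pattern/ action' lines; blank and comment lines never match."""
    rules = []
    for line in text.splitlines():
        m = re.match(r"\s*/(.+)/\s+(.*)$", line)
        if m:
            # Postfix pcre tables match case-insensitively by default.
            rules.append((re.compile(m.group(1), re.I), m.group(2).strip()))
    return rules

def lookup(rules, helo):
    """First matching rule wins, as in a Postfix pcre table; None = no match."""
    for rx, action in rules:
        if rx.search(helo):
            return rx.pattern, action
    return None

# Constructed HELO names, apart from the first, which is the one in the log.
SAMPLES = [
    "eth6619.nsw.adsl.internode.on.net",
    "mail.static-adsl.example.com",     # static-IP server with "adsl" in its name
    "mx1.dynamicdns-provider.example",  # unrelated word containing "dynamic"
    "mail.example.org",
    "CPE-10-0-0-1.example.net",         # caught by the dashed-IP rule, not /^cpe-/
]

def audit(samples=SAMPLES):
    rules = load_rules(RULES_TEXT)
    return {h: lookup(rules, h) for h in samples}

if __name__ == "__main__":
    for helo, hit in audit().items():
        print(f"{helo:40} {'OK' if hit is None else 'REJECT by /' + hit[0] + '/'}")
```

On the mail server itself, `postmap -q <helo-name> pcre:/path/to/helo_access.pcre` gives the authoritative answer for a single name, using the real PCRE engine and the full table.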
