On 2/4/2015 3:12 PM, li...@rhsoft.net wrote:
>
>
> *sadly* that sort of incoming rules is not widespreaded enough,
> otherwise spam from infected botnet zombies would no longer exist
> and frankly the rule for "IP....hfc.comcastbusiness.net" is manually
> written by look at the incoming junk amount all day long hitting the
> contentfilter and no single legit mail without SPF/DNSWL over months
>
> /^[\.\-]?([0-9]{1,3}[\.\-]){2,4}[\.\-]?[a-z]{4,20}[\.\-]hfc[\.\-]comcastbusiness[\.\-](co|com|net|org)$/
> REJECT Generic DNS-Reverse-Lookup (PTR-Rule: 435) see
> http://www.emailtalk.org/ptr.aspx or configure
> http://en.wikipedia.org/wiki/Sender_Policy_Framework
>
> even if it is not a directly reject *every* SpamAssassin setup on
> this planet gives you a penalty for such a PTR and that maybe the
> last piece needed for a milter-reject - in that case you don't know
> the reasons, with the reject above you do
>
> score RDNS_DYNAMIC 2.639 0.363 1.663 0.982
> score NO_RDNS_DOTCOM_HELO 3.100 0.433 3.099 0.823
>
>
Your filter is broken if it can't tell the difference between a
static and dynamic PTR.
There are a lot of zombies in the *.comcastbusiness.* PTR space, but
you throw out the baby with the bathwater. There are other ways to
get rid of the zombies on static IPs without wholesale blocking.
Greylisting and a couple reliable RBLs (or postscreen) will block
the vast majority of zombies without wholesale slaughter.
See, even you don't block everyone with an offending PTR -- you
check for valid SPF or dnswl.
-- Noel Jones
