Are you sure that really works? Asterisks are not valid in blacklist files, nor are trailing dots.
If it does work, it's a bug. :)

-- Sam Clippinger

Davide D'Amico wrote:
> I live in Italy and your 'cable' keyword is 'dynamic' here.
> I use this:
> # cat /var/db/spamdyke/rdns_blacklist.txt
> .*dynamic.*
>
> and it works!
>
> d.
>
> 2008/10/13 Erald Troja <[EMAIL PROTECTED]>:
>
>> Davide,
>>
>> no go.
>>
>> Other host names containing 'cable' keyword such as
>> 77-96-122-40.cable.ubr02.nmal.blueyonder.co.uk are properly
>> being rejected with the right error message.
>>
>> ------------------------
>> Erald Troja
>>
>> Davide D'Amico wrote:
>>
>>> Please try with:
>>> *.cable.*
>>>
>>> d.
>>>
>>> 2008/10/13 Erald Troja <[EMAIL PROTECTED]>:
>>>
>>>> Sam/others,
>>>>
>>>> I've re-read the documentation for this feature over and over
>>>> and as far as I can understand we've done all possible to stop
>>>> the following.
>>>>
>>>> Here's an entry log from a SPAMMER's address we'd like to reject via the
>>>> ip-in-rdns-keyword-blacklist-entry feature.
>>>>
>>>> Oct 13 12:45:21 mail02 spamdyke[12401]: DENIED_GRAYLISTED from:
>>>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip:
>>>> 80.6.107.90 origin_rdns: cpc1-west2-0-0-cust857.brnt.cable.ntl.com auth:
>>>> (unknown)
>>>>
>>>> our ip-in-rdns-keyword-blacklist-entry referenced file contains the
>>>> following
>>>>
>>>> cable
>>>> .cable.ntl.com
>>>> .ntl.com
>>>> cable .ntl.com
>>>>
>>>> Seems none of the 4 potential keyword entries we're providing
>>>> is matching the above host name.
>>>>
>>>> The hostname should be rejected with DENIED_IP_IN_RDNS rather
>>>> than DENIED_GRAYLISTED
>>>>
>>>> What are we doing wrong? Or is this an undiscovered bug?
>>>>
>>>> Thanks.
>>>>
>>>> ------------------------
>>>> Erald Troja
>>>>
>>>> Erald Troja wrote:
>>>>
>>>>> Sam,
>>>>>
>>>>> I'm reading your reply again, and perhaps I misunderstood what
>>>>> you're saying.
>>>>>
>>>>> Here's the entry log for one of the rDNS's I'd like to reject the
>>>>> connection.
>>>>>
>>>>> Oct 13 11:05:41 mail02 spamdyke[29352]: DENIED_GRAYLISTED from:
>>>>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip:
>>>>> 82.19.66.39 origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth:
>>>>> (unknown)
>>>>> Oct 13 11:06:23 mail02 spamdyke[31397]: DENIED_GRAYLISTED from:
>>>>> [EMAIL PROTECTED] to: [EMAIL PROTECTED] origin_ip: 82.19.66.39
>>>>> origin_rdns: cpc1-rdng9-0-0-cust550.winn.cable.ntl.com auth: (unknown)
>>>>>
>>>>> As you will see, there is an IP address for their rDNS.
>>>>>
>>>>> Are you saying that the ip-in-rdns-keyword-blacklist-entry file should
>>>>> also contain the IP address of the originating connection, or as long as
>>>>> their IP resolves to a numeric address, all is necessary to have is the
>>>>> keyword in the ip-in-rdns-keyword-blacklist-entry ?
>>>>>
>>>>> Can anyone clarify this please?
>>>>>
>>>>> ------------------------
>>>>> Erald Troja
>>>>>
>>>>> Sam Clippinger wrote:
>>>>>
>>>>>> In order for the keyword filter to block connections, spamdyke must
>>>>>> find the keyword and the entire IP address in the rDNS name. The two
>>>>>> examples you gave don't appear to contain whole IP addresses. Also,
>>>>>> the second example contains the keyword "cablelink", not "cable";
>>>>>> spamdyke will not match keywords within other text.
>>>>>>
>>>>>> -- Sam Clippinger
>>>>>>
>>>>>> Erald Troja wrote:
>>>>>>
>>>>>>> Hello Folks,
>>>>>>>
>>>>>>> We are slowly building up on the many swiss army knife features
>>>>>>> that Spamdyke offers.
>>>>>>>
>>>>>>> One of them is the ip-in-rdns-keyword-blacklist-entry feature
>>>>>>> http://spamdyke.org/documentation/README.html#RDNS
>>>>>>>
>>>>>>> In essence, we notice many, next to say almost all connections
>>>>>>> connecting to port 25 of our servers, with the keyword 'cable' are
>>>>>>> of SPAMMY nature and we'd like to stop them.
>>>>>>>
>>>>>>> So, we have Spamdyke configured with
>>>>>>> ip-in-rdns-keyword-blacklist-file=/etc/spamdyke/ip-in-rdns-keyword-blacklist-file
>>>>>>>
>>>>>>> and have /etc/spamdyke/ip-in-rdns-keyword-blacklist-file
>>>>>>>
>>>>>>> with one line containing just the keyword
>>>>>>>
>>>>>>> cable
>>>>>>>
>>>>>>> We do notice logging of a handful of connections yet for example
>>>>>>>
>>>>>>> DENIED_GRAYLISTED cpc2-midd9-0-0-cust525.midd.cable.ntl.com
>>>>>>> DENIED_GRAYLISTED cablelink-173-45-65.cpe.intercable.net
>>>>>>>
>>>>>>> are Graylisted instead of being denied connectivity. Can anyone
>>>>>>> pass along some documentation on Spamdyke + keyword processing?
>>>>>>>
>>>>>>> Thanks.

_______________________________________________
spamdyke-users mailing list
[email protected]
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
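
A simplified model of the rule Sam Clippinger describes in the thread (the keyword as a whole word plus the entire IP address in the rDNS name), run over host names quoted above. This is an added example, not spamdyke's code and not part of the original messages; the tokenising rules, the function names and the IPs on the second and third sample lines are assumptions.

```python
import re

# Pulls the two fields the filter needs out of a spamdyke log line.
LOG_RE = re.compile(r"origin_ip: (\d+\.\d+\.\d+\.\d+) origin_rdns: (\S+)")

def ip_in_rdns(ip, rdns):
    """True only if every octet of ip appears as a digit run in rdns (assumed rule)."""
    runs = {int(n) for n in re.findall(r"\d+", rdns)}
    return all(int(octet) in runs for octet in ip.split("."))

def keyword_token(keyword, rdns):
    """True if keyword is a whole token of rdns, not part of a longer word."""
    return keyword.lower() in re.split(r"[^a-z0-9]+", rdns.lower())

def explain(line, keywords):
    """Return (rdns, verdict) for one log line, or None if it has no rDNS field."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ip, rdns = m.groups()
    has_ip = ip_in_rdns(ip, rdns)
    hits = [k for k in keywords if keyword_token(k, rdns)]
    if has_ip and hits:
        return rdns, "DENIED_IP_IN_RDNS (keyword %r)" % hits[0]
    reasons = []
    if not has_ip:
        reasons.append("full IP not in rDNS")
    if not hits:
        reasons.append("no whole-word keyword")
    return rdns, "not matched: " + ", ".join(reasons)

KEYWORDS = ["cable"]  # one keyword per line, no asterisks or dots

SAMPLE_LOG = [
    # Fields taken from the log entry quoted in the thread.
    "origin_ip: 80.6.107.90 origin_rdns: cpc1-west2-0-0-cust857.brnt.cable.ntl.com auth: (unknown)",
    # Host names from the thread; the IPs on these two lines are constructed.
    "origin_ip: 77.96.122.40 origin_rdns: 77-96-122-40.cable.ubr02.nmal.blueyonder.co.uk auth: (unknown)",
    "origin_ip: 192.0.2.65 origin_rdns: cablelink-173-45-65.cpe.intercable.net auth: (unknown)",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print("%s -> %s" % explain(entry, KEYWORDS))
```

Under this model the ntl.com host falls through to graylisting because its name carries a customer number rather than the connecting IP, which is the behaviour reported in the thread.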
