On 02/08/2013 09:35 AM, Gary Gendel wrote:
> On 02/08/2013 11:10 AM, Eric Shubert wrote:
>> I've received a malicious spam from the following address:
>> Received: from unknown (HELO 74-142-212-17.dhcp.insightbb.com)
>> (74.142.212.17)
>>
>> I'm a little surprised that the address hasn't been blacklisted, being
>> an apparent dynamic address. I'm using
>> dns-blacklist-entry=zen.spamhaus.org
>> dns-blacklist-entry=bl.spamcop.net
>>
>> Is there a good way to block public hosts with dhcp in their name?
>> Is there a better approach to this?
>>
> It doesn't seem to be on any of the blacklists reported by:
>
> http://multirbl.valli.org/lookup/74-142-212-17.dhcp.insightbb.com.html
>
> I see two possibilities:
>
> 1) Add dhcp as an entry in ip-in-rdns-keyword-blacklist-xxxx
> 2) add .dhcp.insightbb.com in rdns-blacklist-xxxx
>
> (1) may block legitimate addresses from anywhere just because they have
> dhcp in their rdns name.
> (2) may block legitimate addresses if any exist within that domain.
>
> Gary
>

Thanks Gary.

After reading the documentation, I've decided to put dhcp dynamic in my blacklist_keywords file. I haven't used this feature in the past, but upon careful reading, I see that this only blocks when the keyword is present in the rDNS name *and* there is also a match to THE IP address (not just any ol' IP address) in the rDNS name. So (1) is not a concern after all.

Great feature, Sam. Thanks!

-- 
-Eric 'shubes'
_______________________________________________
spamdyke-users mailing list
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
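
The rule described in the reply above (block only when the rDNS name contains both a keyword and the connecting client's own IP address), as an added example that is not part of the original thread and is not spamdyke's code. The function names, the IP forms recognised in the name, and the substring keyword match are assumptions made for illustration.

```python
import re

def ip_in_rdns(ip: str, rdns: str) -> bool:
    """True if the four octets of `ip` itself appear in `rdns`.

    Assumed forms: forward or reversed octets joined by '.' or '-',
    or zero-padded to three digits and run together.
    """
    octets = ip.split(".")
    name = rdns.lower()
    for order in (octets, octets[::-1]):
        joined = r"[.-]".join(re.escape(o) for o in order)
        padded = "".join(o.zfill(3) for o in order)
        for pattern in (joined, padded):
            # Lookarounds stop 74-142-212-17 from matching inside 74-142-212-170.
            if re.search(r"(?<!\d)" + pattern + r"(?!\d)", name):
                return True
    return False

def should_block(ip: str, rdns: str, keywords: list[str]) -> bool:
    """Block only when the rDNS name holds the client's IP AND a keyword."""
    if not ip_in_rdns(ip, rdns):
        return False
    name = rdns.lower()
    return any(k.lower() in name for k in keywords)  # substring match (assumption)

KEYWORDS = ["dhcp", "dynamic"]

# First entry is the host from the thread; the rest are constructed samples.
SAMPLES = [
    ("74.142.212.17", "74-142-212-17.dhcp.insightbb.com"),
    ("198.51.100.7", "7.100.51.198.dynamic.example.net"),
    ("192.0.2.10", "dhcp.example.org"),
    ("192.0.2.10", "mail-192-0-2-10.example.org"),
    ("192.0.2.10", "host-203-0-113-5.dhcp.example.org"),
]

if __name__ == "__main__":
    for ip, rdns in SAMPLES:
        verdict = "block" if should_block(ip, rdns, KEYWORDS) else "allow"
        print(f"{verdict:5}  {ip:15}  {rdns}")
```

Only the first two samples are blocked: a keyword alone, the IP alone, or a keyword next to some other address all pass, which is why a bare `dhcp` keyword does not reject every host with dhcp in its name.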
