Couldn't we just write a rule that adds points when it sees the "unknown" in the MX? I also use Postfix, so Postfix specific..

Received: from predialnet.com.br (unknown [200.218.176.14])

Robert

Peace he would say instead of goodbye....peace my brother.

 

-----Original Message-----
From: List Mail User [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 05, 2005 9:53 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; users@spamassassin.apache.org
Subject: Re: PTR Rules

 

>...
>Date: Thu, 05 May 2005 11:27:59 -0400
>From: Matt Kettler <[EMAIL PROTECTED]>
>User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
>X-Accept-Language: en-us, en
>MIME-Version: 1.0
>To: Dan Barker <[EMAIL PROTECTED]>
>Cc: users@spamassassin.apache.org
>Subject: Re: PTR Rules
>...
>
>Dan Barker wrote:
>
>>I can't find any doc on PTR rules. Specifically, I'd like to make my
>>SpamAssassin 3.0.1 score if there is no PTR record for the first "foreign"
>>IP in the "Received by" chain.
>>
>>This can't be difficult, but I've scanned the doc to the best of my ability
>>(my best may not be particularly good<g>) and come up empty.
>>
>There's no "easy" way to do this if you want SA to perform the PTR
>lookup. You'd have to do that as a plugin, which involves writing some
>perl code that makes use of Net::DNS.
>
>However, if your mailserver normally does the lookup you can write a
>regex to look for a Received: header from your MX that has no hostname.
>
>Take this Received: header for example (sendmail generated)
>
>    Received: from eyou.com ([218.6.19.122])    by xanadu.evi-inc.com ....
>Compared to
>    Received: from fsmail432.com (H1b65.h.pppool.de [85.72.27.101])  by xanadu.evi-inc.com ...
>
>A rule like this would work for my mailserver:
>
>header L_NO_RDNS_RCVD    Received =~ /from [\w.]{0,20} \(\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\) .{0,50} by xanadu\.evi/
>score L_NO_RDNS_RCVD   0.1
>
>For what it's worth, I've seen a lot of legitimate servers lacking RDNS
>entries, so I'd keep the score on this under 2.5.
>
>(That said, one measure I do already take is I greylist all servers with
>no RDNS.. Selective greylisting works pretty well. )

      There is probably a rule which will work for the OP, but different MTAs
have different behaviours.  For example, using Postfix, I see

      Received: from predialnet.com.br (unknown [200.218.176.14])
Compared to
      Received: from mail.apache.org (hermes.apache.org [209.237.227.199])

      Of course now, following AOL's fine example, I just reject with a
450 code, anything without rDNS (of course, the spammers tend to just
end up at a secondary not under my direct control then, and then they get
rejected later for some other reason:).

      Paul Shupak
      [EMAIL PROTECTED]

P.S. Matt, does that look like Exim you are using?
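
An added example (not from the thread and not SpamAssassin code): a Python version of the header check discussed above that handles both Received formats quoted in the thread, sendmail's `([ip])` and Postfix's `(unknown [ip])`, and decides only from the topmost header stamped by your own MX. The hostname `mx.example.net`, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# "from HELO (ptr-name [ip])" or, as sendmail writes a failed lookup, "from HELO ([ip])".
CLIENT = re.compile(
    r"^from \S+ \((?:(?P<rdns>[^\s\[\]()]+) )?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]\)")
BY = re.compile(r" by (?P<by>[\w.-]+)")

def classify(received, trusted_mx):
    """Return None if this header was not stamped by trusted_mx, otherwise
    'missing', 'present' or 'unparsed' for the connecting client's rDNS."""
    flat = " ".join(received.split())          # unfold continuation lines
    by = BY.search(flat)
    if not by or by.group("by").lower() != trusted_mx.lower():
        return None
    client = CLIENT.match(flat)
    if not client:
        return "unparsed"                      # e.g. IPv6 or local submission
    rdns = client.group("rdns")
    # Postfix writes the literal name "unknown" when it has no usable PTR name.
    return "missing" if rdns is None or rdns.lower() == "unknown" else "present"

def rdns_verdict(raw_message, trusted_mx):
    """Decide from the topmost Received header stamped by trusted_mx.
    Headers below it arrived with the message and can be forged."""
    for value in message_from_string(raw_message).get_all("Received", []):
        verdict = classify(value, trusted_mx)
        if verdict is not None:
            return verdict
    return "no-trusted-hop"

# Constructed sample. mx.example.net is a placeholder for your own MX; the second
# Received line is sender-supplied and falsely claims a PTR name.
SAMPLE = (
    "Received: from predialnet.com.br (unknown [200.218.176.14])\n"
    "\tby mx.example.net (Postfix) with SMTP id 0123456789\n"
    "\tfor <user@example.net>; Thu,  5 May 2005 10:00:00 -0400 (EDT)\n"
    "Received: from pc (mail.apache.org [209.237.227.199])\n"
    "\tby mx.example.net (Postfix) with ESMTP id ABCDEF0123\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(rdns_verdict(SAMPLE, "mx.example.net"))
```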
