Re: Sa rule broken, fix with bugzilla id5750 RE: question on reverse DNS

Sat, 29 Dec 2007 09:53:32 -0800 


Michael Scheidell escreveu:

-----Original Message-----

From: Leonardo Rodrigues Magalhães [mailto:[EMAIL PROTECTED] 
Sent: Saturday, December 29, 2007 8:02 AM

To: spamassassin ML
Subject: question on reverse DNS


    i would like to give some score for messages that came from IP 
addresses that does not have the reverse correctly configured. I have 
seen a lot of IPs that have some reverse name, but that name does not 
point back to the IP address.



    

Best to block that in your MTA, it probally already does a RNS.
Ask for help on your MTA list, or read below for fix for broken SA rule:

 
  



   Yeah ... postfix can surely (and easily) do that. But i dont want to 
completly block them. I would like to 'score' this situation (bad dns or 
no reverse dns) and maybe get the message flagged as SPAM by SA.



   I have a GREAT experience on avoiding false positives with RBLs when 
i moved those from postfix to SA with pretty high scores. No more false 
positives and yet the advantages of checking RBLs. So i tought it would 
be interesting to check this reverse thing in SA and score instead of 
simply blocking on MTA, exactly to avoid those false positives i know i 
would have if done that on MTA !



    is it possible to score no reverse at all and/or no 
complete reverse 
    


It is supported in SA, but the rule is broken.
I have already submitted a bugzilla with patches, but nothing has been done on 
sa rules for SA since October 31st.

(SA rules folks, highlight: )
See: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5750

  



   I couldnt find the file you mentioned (20_rynrdns.cf) on my SA 3.2.1 
and olders .... but i noticed it's there on SA 3.2.3.



   shouldnt these new files and rules be updated through sa-update ?? I 
ran it daily and even if my SA is not completly up-to-date i was 
expecting this new files to get downloaded and installed ......



   anyway .... i tought that using botnet files is interesting because 
i can differently score IPs which have no reverse dns at all and those 
who have 'not-full-circle' reverse .... ok, maybe it's not smart (and 
useful) to score them differently .... but it's interesting to have the 
ability to do that if needed :)



--


        Atenciosamente / Sincerily,
        Leonardo Rodrigues
        Solutti Tecnologia
        http://www.solutti.com.br

        Minha armadilha de SPAM, NÃO mandem email
        [EMAIL PROTECTED]
        My SPAMTRAP, do not email it






Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature






















					Reply via email to