spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Henrik K <h...@hege.li>
Subject Re: DNS ISP Host List Available
Date Mon, 02 Jun 2008 12:20:40 GMT
On Mon, Jun 02, 2008 at 03:14:08PM +0300, Henrik K wrote:
> On Mon, Jun 02, 2008 at 01:28:21PM +0200, Matus UHLAR - fantomas wrote:
> > On 30.05.08 15:37, Larry Ludwig wrote:
> > > IMHO regex setups are even more reliable we do this with our postfix setup.
> > >  
> > > For example:
> > > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/                         REJECT
> > > dynamic ip address use isp for outgoing email - access.regex
> > > 
> > > I think is more reliable than just by name or especially by IP since IP
> > > allocations do change.
> > 
> > looking at 20_dynrdns.cf we see that there are MANY forms of marking
> > dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
> > (there were FP's reportet iirc) and now it's mostly used in conjuction with
> > other rules.
> > 
> > If your regexp's are THAT efficient, share them with us please.
> 
> 20_dynrdns is lame and no one is really updating it. It doesn't even strip
> domains, resulting in hosts like smtp.dynamic1.com to match. It's pretty
> cumbersome to use the meta headers too. It needs some revamping to be more
> useful.
> 
> That's why there are plugins like Botnet and my BadRelay[1] (which handles
> domains properly). My tool is pretty outdated too, I haven't updated it
> since I started blocking and greylisting suspicious hosts directly at MTA.
> Not much passes through.
> 
> For a really big regexp list, have a look at [2].
> 
> [1] http://sa.hege.li/
> [2] http://www.linuxmagic.com/opensource/anti_spam/dynamic_regex/

Just a few more hints. If you are scared to block anything directly,
greylist everything suspicious with a long delay. And using same dynamic
regexp lists to match HELO is even more foolproof.

Also check some more generic regexpes from my examples:

http://hege.li/howto/spam/etc/postfix/in/
  (access_helo_dynamic, greylist_*, whitelist_client)

DNSBL operators will thank you for using such lists before any queries.


Mime
View raw message