DNS ISP Host List Available - SpamAssassin
-
Re: DNS ISP Host List Available
On 30.05.08 15:37, Larry Ludwig wrote:
> IMHO regex setups are even more reliable we do this with our postfix setup.
>
> For example:
> /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
> dynamic ip address use isp for outgoing email - access.regex
>
> I think is more reliable than just by name or especially by IP since IP
> allocations do change.
looking at 20_dynrdns.cf we see that there are MANY forms of marking
dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
(there were FP's reported iirc) and now it's mostly used in conjunction with
other rules.
If your regexp's are THAT efficient, share them with us please.
btw, our dynamically and statically allocated ranges use very similar naming
scheme, do you know about those? Do you exclude e.g. all names having
"static" in them?
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
-
Re: DNS ISP Host List Available
On 30.05.08 09:04, Marc Perkel wrote:
> Name based DNS lists are more reliable because IP addresses can change.
We did not do much changes in our dialup and ADSL ranges, while I was
changing the naming scheme at least two times.
> The name based list covers all IP addresses where the FCrDNS resolves to
> that name.
And in the previous naming schemes we even could not differ static and
dynamic space by rbldns. I guess there are more ISPs that have similar
issues and such blacklists would cause FPs or FNs.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I don't have lysdexia. The Dog wouldn't allow that.
-
On Mon, Jun 02, 2008 at 01:28:21PM +0200, Matus UHLAR - fantomas wrote:
> On 30.05.08 15:37, Larry Ludwig wrote:
> > IMHO regex setups are even more reliable we do this with our postfix setup.
> >
> > For example:
> > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
> > dynamic ip address use isp for outgoing email - access.regex
> >
> > I think is more reliable than just by name or especially by IP since IP
> > allocations do change.
>
> looking at 20_dynrdns.cf we see that there are MANY forms of marking
> dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
> (there were FP's reported iirc) and now it's mostly used in conjunction with
> other rules.
>
> If your regexp's are THAT efficient, share them with us please.
20_dynrdns is lame and no one is really updating it. It doesn't even strip
domains, resulting in hosts like smtp.dynamic1.com to match. It's pretty
cumbersome to use the meta headers too. It needs some revamping to be more
useful.
That's why there are plugins like Botnet and my BadRelay[1] (which handles
domains properly). My tool is pretty outdated too, I haven't updated it
since I started blocking and greylisting suspicious hosts directly at MTA.
Not much passes through.
For a really big regexp list, have a look at [2].
[1] http://sa.hege.li/
[2] http://www.linuxmagic.com/opensource...dynamic_regex/
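
An added example, not part of the original thread and not code from SpamAssassin, BadRelay or Botnet: it shows why a keyword rule run over the whole rDNS name hits smtp.dynamic1.com, how matching only the host labels avoids that, and why names carrying both "static" and a dynamic-looking keyword stay undecidable by name. `GENERIC`, `host_part` and `classify` are hypothetical, the sample hostnames are constructed, and the registrable domain is assumed to be the last two labels.

```python
import re

# Larry Ludwig's access.regex pattern, quoted in the thread (ISP-specific).
COMCAST = re.compile(r"^c-.+-.+-.+-.+\..+\..+\.comcast\.net$")

# Hypothetical broad keyword rule, standing in for a generic "dynamic" pattern.
GENERIC = re.compile(r"dynamic|dhcp|dsl|pool|ppp|dialup", re.I)


def host_part(rdns, domain_labels=2):
    """Return the labels left of the registrable domain.

    Assumption: the registrable domain is the last `domain_labels` labels.
    A production filter would consult the Public Suffix List instead.
    """
    labels = rdns.rstrip(".").lower().split(".")
    return ".".join(labels[:-domain_labels])


def naive_match(rdns):
    """Keyword search over the whole name, domain included."""
    return bool(GENERIC.search(rdns))


def stripped_match(rdns):
    """Keyword search over the host labels only."""
    return bool(GENERIC.search(host_part(rdns)))


def classify(rdns):
    """Illustrative policy returning 'dynamic', 'ambiguous' or 'clean'."""
    if COMCAST.match(rdns.lower()):
        return "dynamic"
    if not stripped_match(rdns):
        return "clean"
    # Looks dynamic but is labelled static: the name alone cannot decide.
    return "ambiguous" if "static" in host_part(rdns) else "dynamic"


# Constructed sample names (documentation address ranges, not real hosts).
SAMPLES = [
    "c-192-0-2-10.hsd1.nj.comcast.net",
    "smtp.dynamic1.com",
    "dynamic-198-51-100-7.pool.example.net",
    "static-203-0-113-5.dsl.example.net",
    "mail.example.org",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:42} naive={naive_match(name)!s:5} -> {classify(name)}")
```

An "ambiguous" result is a natural candidate for the greylisting or score-in-combination handling discussed in the thread rather than an outright reject.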
-
On Mon, Jun 02, 2008 at 03:14:08PM +0300, Henrik K wrote:
> On Mon, Jun 02, 2008 at 01:28:21PM +0200, Matus UHLAR - fantomas wrote:
> > On 30.05.08 15:37, Larry Ludwig wrote:
> > > IMHO regex setups are even more reliable we do this with our postfix setup.
> > >
> > > For example:
> > > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
> > > dynamic ip address use isp for outgoing email - access.regex
> > >
> > > I think is more reliable than just by name or especially by IP since IP
> > > allocations do change.
> >
> > looking at 20_dynrdns.cf we see that there are MANY forms of marking
> > dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
> > (there were FP's reported iirc) and now it's mostly used in conjunction with
> > other rules.
> >
> > If your regexp's are THAT efficient, share them with us please.
>
> 20_dynrdns is lame and no one is really updating it. It doesn't even strip
> domains, resulting in hosts like smtp.dynamic1.com to match. It's pretty
> cumbersome to use the meta headers too. It needs some revamping to be more
> useful.
>
> That's why there are plugins like Botnet and my BadRelay[1] (which handles
> domains properly). My tool is pretty outdated too, I haven't updated it
> since I started blocking and greylisting suspicious hosts directly at MTA.
> Not much passes through.
>
> For a really big regexp list, have a look at [2].
>
> [1] http://sa.hege.li/
> [2] http://www.linuxmagic.com/opensource...dynamic_regex/
Just a few more hints. If you are scared to block anything directly,
greylist everything suspicious with a long delay. And using same dynamic
regexp lists to match HELO is even more foolproof.
Also check some more generic regexpes from my examples:
http://hege.li/howto/spam/etc/postfix/in/
(access_helo_dynamic, greylist_*, whitelist_client)
DNSBL operators will thank you for using such lists before any queries.
-
Re: DNS ISP Host List Available
> > On 30.05.08 15:37, Larry Ludwig wrote:
> > > IMHO regex setups are even more reliable we do this with our postfix setup.
> > >
> > > For example:
> > > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
> > > dynamic ip address use isp for outgoing email - access.regex
> > >
> > > I think is more reliable than just by name or especially by IP since IP
> > > allocations do change.
> On Mon, Jun 02, 2008 at 01:28:21PM +0200, Matus UHLAR - fantomas wrote:
> > looking at 20_dynrdns.cf we see that there are MANY forms of marking
> > dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
> > (there were FP's reported iirc) and now it's mostly used in conjunction with
> > other rules.
> >
> > If your regexp's are THAT efficient, share them with us please.
On 02.06.08 15:14, Henrik K wrote:
> 20_dynrdns is lame and no one is really updating it. It doesn't even strip
> domains, resulting in hosts like smtp.dynamic1.com to match. It's pretty
> cumbersome to use the meta headers too. It needs some revamping to be more
> useful.
Is there a bugreport for this? Or do you find it better to whine and not try
to make it better?
> That's why there are plugins like Botnet and my BadRelay[1] (which handles
> domains properly). My tool is pretty outdated too, I haven't updated it
> since I started blocking and greylisting suspicious hosts directly at MTA.
> Not much passes through.
BotNet was afaik reported to have FP's for ISPs. That's why I do not use it.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
-
On Mon, Jun 02, 2008 at 03:29:44PM +0200, Matus UHLAR - fantomas wrote:
> > > On 30.05.08 15:37, Larry Ludwig wrote:
> > > > IMHO regex setups are even more reliable we do this with our postfix setup.
> > > >
> > > > For example:
> > > > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
> > > > dynamic ip address use isp for outgoing email - access.regex
> > > >
> > > > I think is more reliable than just by name or especially by IP since IP
> > > > allocations do change.
>
> > On Mon, Jun 02, 2008 at 01:28:21PM +0200, Matus UHLAR - fantomas wrote:
> > > looking at 20_dynrdns.cf we see that there are MANY forms of marking
> > > dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
> > > (there were FP's reported iirc) and now it's mostly used in conjunction with
> > > other rules.
> > >
> > > If your regexp's are THAT efficient, share them with us please.
>
> On 02.06.08 15:14, Henrik K wrote:
> > 20_dynrdns is lame and no one is really updating it. It doesn't even strip
> > domains, resulting in hosts like smtp.dynamic1.com to match. It's pretty
> > cumbersome to use the meta headers too. It needs some revamping to be more
> > useful.
>
> Is there a bugreport for this? Or do you find it better to whine and not try
> to make it better?
There are many bug reports, what good does it do if no one has the time to
act on them?
> > That's why there are plugins like Botnet and my BadRelay[1] (which handles
> > domains properly). My tool is pretty outdated too, I haven't updated it
> > since I started blocking and greylisting suspicious hosts directly at MTA.
> > Not much passes through.
>
> BotNet was afaik reported to have FP's for ISPs. That's why I do not use it.
Botnet blocks what you configure it to block. SA rules are forced on you.
-
On Mon, Jun 02, 2008 at 05:33:10PM +0300, Henrik K wrote:
> On Mon, Jun 02, 2008 at 03:29:44PM +0200, Matus UHLAR - fantomas wrote:
> >
> > Is there a bugreport for this? Or do you find it better to whine and not try
> > to make it better?
>
> There are many bug reports, what good does it do if no one has the time to
> act on them?
Ok I need to clarify few things, before I'm regarded as a complete whiner.
Many things that I "whine" about are not _that_ serious. You can simply stop
using them or trust that bayes or other rules save the day. Obviously 95%+
of users are happy the way things are, and there is nothing wrong with that.
You can try to improve things, but when some bug reports wait for answers
for weeks or months, it just isn't that creative anymore. I try to value my
free time more than trying to "fight" some (perhaps less urgent) issues to
be fixed.
It's great how far SA is already, I give props to all the developers that
spend their free time on it. But just imagine what it could be, if for
example Justin would be paid to work on it 8 hours a day? 
-
Re: Developing SpamAssassin
(snip)
> It's great how far SA is already, I give props to all the developers that
> spend their free time on it. But just imagine what it could be, if for
> example Justin would be paid to work on it 8 hours a day? 
if he get paid he would get more tired of the work and we would get more bugs
no ?
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
-
On Mon, Jun 02, 2008 at 06:52:26PM +0200, Benny Pedersen wrote:
>
> (snip)
> > It's great how far SA is already, I give props to all the developers that
> > spend their free time on it. But just imagine what it could be, if for
> > example Justin would be paid to work on it 8 hours a day? 
>
> if he get paid he would get more tired of the work and we would get more bugs
>
> no ?
Is this some sort of weird humor? I don't get it.. so you think it's better
to work randomly on something for a few moments, after a possibly exhausting
day at your real job?
I would have no problem to contribute 1 or 2 euros a year to SA, if other
50000+ users did the same.
But I guess it would be hard to set up things
like that.
-