DNS ISP Host List Available - SpamAssassin

This is a discussion on DNS ISP Host List Available - SpamAssassin ; On 30.05.08 15:37, Larry Ludwig wrote: > IMHO regex setups are even more reliable we do this with our postfix setup. > > For example: > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT > dynamic ip address use isp for outgoing email - access.regex > ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 30 of 30

Thread: DNS ISP Host List Available

  1. Re: DNS ISP Host List Available

    On 30.05.08 15:37, Larry Ludwig wrote:
    > IMHO regex setups are even more reliable we do this with our postfix setup.
    >
    > For example:
    > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
    > dynamic ip address use isp for outgoing email - access.regex
    >
    > I think is more reliable than just by name or especially by IP since IP
    > allocations do change.


    looking at 20_dynrdns.cf we see that there are MANY forms of marking
    dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
    (there were FP's reportet iirc) and now it's mostly used in conjuction with
    other rules.

    If your regexp's are THAT efficient, share them with us please.

    btw, our dynamically and statically allocated ranges use very similar naming
    scheme, do you know about those? Do you exclude e.g. all names having
    "static" in them?
    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    They that can give up essential liberty to obtain a little temporary
    safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759


  2. Re: DNS ISP Host List Available

    On 30.05.08 09:04, Marc Perkel wrote:
    > Name based DNS lists are more reliable because IP addresses can change.


    We did not do much changes in out dialup and ADSL ranges, while I was
    changing the naming scheme at least two times.

    > The name based list covers all IP addresses where the FCrDNS resolves to
    > that name.


    And in the previous naming schemes we even could not differ static and
    dynamic space by rbldns. I guess there are more ISPs that have similar
    issues and such blacklists would cause FPs or FNs.

    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    I don't have lysdexia. The Dog wouldn't allow that.


  3. Message-ID:Reply-To:References:MIME-Version:Content-Type:In-Reply-To; b=EABXulfHFA0WcfcdAUCo0HS6gSwMOlmldwpeXEeP8Ougg3y/rZu5pQUdQQg2lT7VRvypKTDYlpRQqqoKc0EhyVj3EU1Bq0201b a2u3PPCNJFgqoDcRqzdcwKlYxdeMRw79RXQiOmf9Ral72IVqro G89z6ysqX6qhefUk6EZLWIs=

    On Mon, Jun 02, 2008 at 01:28:21PM +0200, Matus UHLAR - fantomas wrote:
    > On 30.05.08 15:37, Larry Ludwig wrote:
    > > IMHO regex setups are even more reliable we do this with our postfix setup.
    > >
    > > For example:
    > > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
    > > dynamic ip address use isp for outgoing email - access.regex
    > >
    > > I think is more reliable than just by name or especially by IP since IP
    > > allocations do change.

    >
    > looking at 20_dynrdns.cf we see that there are MANY forms of marking
    > dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
    > (there were FP's reportet iirc) and now it's mostly used in conjuction with
    > other rules.
    >
    > If your regexp's are THAT efficient, share them with us please.


    20_dynrdns is lame and no one is really updating it. It doesn't even strip
    domains, resulting in hosts like smtp.dynamic1.com to match. It's pretty
    cumbersome to use the meta headers too. It needs some revamping to be more
    useful.

    That's why there are plugins like Botnet and my BadRelay[1] (which handles
    domains properly). My tool is pretty outdated too, I haven't updated it
    since I started blocking and greylisting suspicious hosts directly at MTA.
    Not much passes through.

    For a really big regexp list, have a look at [2].

    [1] http://sa.hege.li/
    [2] http://www.linuxmagic.com/opensource...dynamic_regex/


  4. Message-ID:Reply-To:References:MIME-Version:Content-Type:In-Reply-To; b=WrtUdsU0X0Gsn5ocTdV8ohJBjUOgsKwd//kIJmN+f0xb2JlGcNL+4xIwc8bzUkwXKBHiCYCa26Lp7+L7xMgE/Onp9zb1jNcPfxHyXhDUZdY3anFpzBQon53OFhCqAChK95opGRa i3aZh0Q+GTgJDoZIvV+cY9df8q7XABA7rrKE=

    On Mon, Jun 02, 2008 at 03:14:08PM +0300, Henrik K wrote:
    > On Mon, Jun 02, 2008 at 01:28:21PM +0200, Matus UHLAR - fantomas wrote:
    > > On 30.05.08 15:37, Larry Ludwig wrote:
    > > > IMHO regex setups are even more reliable we do this with our postfix setup.
    > > >
    > > > For example:
    > > > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
    > > > dynamic ip address use isp for outgoing email - access.regex
    > > >
    > > > I think is more reliable than just by name or especially by IP since IP
    > > > allocations do change.

    > >
    > > looking at 20_dynrdns.cf we see that there are MANY forms of marking
    > > dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
    > > (there were FP's reportet iirc) and now it's mostly used in conjuction with
    > > other rules.
    > >
    > > If your regexp's are THAT efficient, share them with us please.

    >
    > 20_dynrdns is lame and no one is really updating it. It doesn't even strip
    > domains, resulting in hosts like smtp.dynamic1.com to match. It's pretty
    > cumbersome to use the meta headers too. It needs some revamping to be more
    > useful.
    >
    > That's why there are plugins like Botnet and my BadRelay[1] (which handles
    > domains properly). My tool is pretty outdated too, I haven't updated it
    > since I started blocking and greylisting suspicious hosts directly at MTA.
    > Not much passes through.
    >
    > For a really big regexp list, have a look at [2].
    >
    > [1] http://sa.hege.li/
    > [2] http://www.linuxmagic.com/opensource...dynamic_regex/


    Just a few more hints. If you are scared to block anything directly,
    greylist everything suspicious with a long delay. And using same dynamic
    regexp lists to match HELO is even more foolproof.

    Also check some more generic regexpes from my examples:

    http://hege.li/howto/spam/etc/postfix/in/
    (access_helo_dynamic, greylist_*, whitelist_client)

    DNSBL operators will thank you for using such lists before any queries.


  5. Re: DNS ISP Host List Available

    > > On 30.05.08 15:37, Larry Ludwig wrote:
    > > > IMHO regex setups are even more reliable we do this with our postfix setup.
    > > >
    > > > For example:
    > > > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
    > > > dynamic ip address use isp for outgoing email - access.regex
    > > >
    > > > I think is more reliable than just by name or especially by IP since IP
    > > > allocations do change.


    > On Mon, Jun 02, 2008 at 01:28:21PM +0200, Matus UHLAR - fantomas wrote:
    > > looking at 20_dynrdns.cf we see that there are MANY forms of marking
    > > dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
    > > (there were FP's reportet iirc) and now it's mostly used in conjuction with
    > > other rules.
    > >
    > > If your regexp's are THAT efficient, share them with us please.


    On 02.06.08 15:14, Henrik K wrote:
    > 20_dynrdns is lame and no one is really updating it. It doesn't even strip
    > domains, resulting in hosts like smtp.dynamic1.com to match. It's pretty
    > cumbersome to use the meta headers too. It needs some revamping to be more
    > useful.


    Is there a bugreport for this? Or do youfind it better to whine and not try
    to make it better?

    > That's why there are plugins like Botnet and my BadRelay[1] (which handles
    > domains properly). My tool is pretty outdated too, I haven't updated it
    > since I started blocking and greylisting suspicious hosts directly at MTA.
    > Not much passes through.


    BotNet was afaik reported to have FP's for ISPs. That's why I do not use it.

    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    - Have you got anything without Spam in it?
    - Well, there's Spam egg sausage and Spam, that's not got much Spam in it.


  6. Message-ID:Reply-To:References:MIME-Version:Content-Type:In-Reply-To; b=s4M0C0GgPex02N5jlIFDxGuTriIQV+HSYXQNIeSzsy2RbDVu BXy2bu3B0zRkValQ2P0pkMrVzPTr3B5zMWSGvIMpal2UlKRPNP rq8gpcXbe7z5MQmXwzTkgd/rjcrl/YysqTtK6z5/egETtZ18T31LVxa/ov+0J0CqAzbgsRSrI=

    On Mon, Jun 02, 2008 at 03:29:44PM +0200, Matus UHLAR - fantomas wrote:
    > > > On 30.05.08 15:37, Larry Ludwig wrote:
    > > > > IMHO regex setups are even more reliable we do this with our postfix setup.
    > > > >
    > > > > For example:
    > > > > /^c-.+-.+-.+-.+\..+\..+\.comcast\.net$/ REJECT
    > > > > dynamic ip address use isp for outgoing email - access.regex
    > > > >
    > > > > I think is more reliable than just by name or especially by IP since IP
    > > > > allocations do change.

    >
    > > On Mon, Jun 02, 2008 at 01:28:21PM +0200, Matus UHLAR - fantomas wrote:
    > > > looking at 20_dynrdns.cf we see that there are MANY forms of marking
    > > > dynamically allocated space. The score of RDNS_DYNAMIC dropped in the past
    > > > (there were FP's reportet iirc) and now it's mostly used in conjuction with
    > > > other rules.
    > > >
    > > > If your regexp's are THAT efficient, share them with us please.

    >
    > On 02.06.08 15:14, Henrik K wrote:
    > > 20_dynrdns is lame and no one is really updating it. It doesn't even strip
    > > domains, resulting in hosts like smtp.dynamic1.com to match. It's pretty
    > > cumbersome to use the meta headers too. It needs some revamping to be more
    > > useful.

    >
    > Is there a bugreport for this? Or do youfind it better to whine and not try
    > to make it better?


    There are many bug reports, what good does it do if noone has the time to
    act on them?

    > > That's why there are plugins like Botnet and my BadRelay[1] (which handles
    > > domains properly). My tool is pretty outdated too, I haven't updated it
    > > since I started blocking and greylisting suspicious hosts directly at MTA.
    > > Not much passes through.

    >
    > BotNet was afaik reported to have FP's for ISPs. That's why I do not use it.


    Botnet blocks what you configure it to block. SA rules are forced on you.


  7. Message-ID:Reply-To:References:MIME-Version:Content-Type:In-Reply-To; b=on3QkwJ0qmMKjrvataYnIkCu0C/NiWlIedJiOuBIi1Qx6nGrNNcYku8C/qXjUiu5qx7UETf60GN8Vno96U6DoUk0iC2LIRBNVgPff3Nr2Uy cux32Yn81iexFZptWNjGo3MTiCdGtbBV+Fr0jbjYlQZSmHMx3k Mn5uSYCcruCg6c=

    On Mon, Jun 02, 2008 at 05:33:10PM +0300, Henrik K wrote:
    > On Mon, Jun 02, 2008 at 03:29:44PM +0200, Matus UHLAR - fantomas wrote:
    > >
    > > Is there a bugreport for this? Or do youfind it better to whine and not try
    > > to make it better?

    >
    > There are many bug reports, what good does it do if noone has the time to
    > act on them?


    Ok I need to clarify few things, before I'm regarded as a complete whiner.

    Many things that I "whine" about are not _that_ serious. You can simply stop
    using them or trust that bayes or other rules save the day. Obviously 95%+
    of users are happy the way things are, and there is nothing wrong with that.

    You can try to improve things, but when some bug reports wait for answers
    for weeks or months, it just isn't that creative anymore. I try to value my
    free time more than trying to "fight" some (perhaps less urgent) issues to
    be fixed.

    It's great how far SA is already, I give props to all the developers that
    spend their free time on it. But just imagine what it could be, if for
    example Justin would be paid to work on it 8 hours a day?


  8. Re: Developing SpamAssassin



    (snip)
    > It's great how far SA is already, I give props to all the developers that
    > spend their free time on it. But just imagine what it could be, if for
    > example Justin would be paid to work on it 8 hours a day?


    if he get paid he would get more tired of the work and we would get more bugs

    no ?


    Benny Pedersen
    Need more webspace ? http://www.servage.net/?coupon=cust37098


  9. Message-ID:Reply-To:References:MIME-Version:Content-Type:In-Reply-To; b=IDNmhxVSVhlF8i4kUqgZPgHB8zUj1xAAYgM0TMAUTEpAzsXf rGecpJP+AQV/tRMiIpDZkovNqnsU9CbBDleeOR+JGCBPhHr2Zf7+nv+Pa0lhcV 81UhWiCbveQSeTHWsu9IfFVoDg17+V/fOXv6B6DN9ca12iNohTTvX2UgJSg5o=

    On Mon, Jun 02, 2008 at 06:52:26PM +0200, Benny Pedersen wrote:
    >
    > (snip)
    > > It's great how far SA is already, I give props to all the developers that
    > > spend their free time on it. But just imagine what it could be, if for
    > > example Justin would be paid to work on it 8 hours a day?

    >
    > if he get paid he would get more tired of the work and we would get more bugs
    >
    > no ?


    Is this some sort of weird humor? I don't get it.. so you think it's better
    to work randomly on something for a few moments, after a possibly exhausting
    day at your real job?

    I would have no problem to contribute 1 or 2 euros a year to SA, if other
    50000+ users did the same. But I guess it would be hard to set up things
    like that.


  10. Re: Developing SpamAssassin


    On Mon, June 2, 2008 19:03, Henrik K wrote:

    > Is this some sort of weird humor?


    no i am just a dane

    > I don't get it.. so you think it's better to work randomly on something
    > for a few moments, after a possibly exhausting day at your real job?


    from my own expirements yes, i sometimes get stok in my work and let it be for
    some hours and later get back and do what i wanted, sometimes its better to
    let it be when codes does not work

    > I would have no problem to contribute 1 or 2 euros a year to SA, if other
    > 50000+ users did the same.


    well then lets sell it to microsoft :-)

    > But I guess it would be hard to set up things like that.


    just depends on licenses


    Benny Pedersen
    Need more webspace ? http://www.servage.net/?coupon=cust37098


+ Reply to Thread
Page 2 of 2 FirstFirst 1 2