Re: PATCH reject_rhsbl_reverse_client

From: Noel Jones (no email)
Date: Fri Mar 05 2010 - 08:36:42 EST

  • Next message: motty cruz: "virtual domains"

    On 3/5/2010 6:05 AM, Stan Hoeppner wrote:
    > Noel Jones put forth on 3/4/2010 2:51 PM:
    >> The idea is that this might increase rhsbl hit rates if the hostname is
    >> more frequently available. On the other hand, spam-only domains seem to
    >> usually have verifiable hostnames, so I'm not sure how much this will
    >> really help.
    >
    > I don't quite follow your second statement here. Isn't this patch supposed
    > to grab the domain name from the client's rDNS name? Snowshoe spammers

    By "help" I mean catch spam that would not be caught by the
    existing reject_rhsbl_client, ie. domains with spammy rDNS but
    no matching A record logged as "unknown".

    Seems to me that most dedicated-spam domains are careful to
    set up proper FCRDNS; this patch won't have any *additional*
    effect on those domains. But it might help catch some. In
    two days of using dbl.spamhaus I've had exactly 3 hits on
    client names; all had proper FCRDNS and would have been
    rejected with the existing rhsbl code. Hopefully this will
    improve.

    On the other hand, one could argue that it is proper to always
    use the unverified reverse client for rhsbl lookups and the
    existing reject_rhsbl_client is too strict. I have trouble
    imagining a case where using the unverified reverse name would
    lead to a false positive.

       -- Noel Jones


  • Next message: motty cruz: "virtual domains"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    Powered By FreeBSD   Powered By FreeBSD