Possible feature request |
Post Reply 
|
| Author | |
Terry 
Senior Member 
Joined: 06 February 2005 Status: Offline Points: 155 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Possible feature requestPosted: 25 January 2006 at 5:45pm |
|
We are getting a lot of spam coming in from obvious home dsl and broadband connections. We believe that this is because of all the latest trojans out there. The impact to us is that these are not yet blacklisted and therefore many get past the spamfilter and make it into our email system. We notice that there are reverse dns entries for these machines and they seem to follow a common pattern. The reverse dns entry has all the octets of the ip address originating the email......for example: 5/06 09:29:41:699 -- (2920) Resolving 24.30.57.153 - c-24-30-57-153.hsd1.ga.comcast.net Would it be possible to add a quarantine or block option to spamfilter to allow us to quarantine any email from a sender where each octet of their source ip address can also be found in the reverse dns name? We think this would stop a ton of spam from getting past the filter. Terry
|
|
 |
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 25 January 2006 at 6:38pm |
|
Terry, First, I agree with your assessment however, the IP you used in your example would have been blocked by combined.njabl.org dnsbl, Spamcop, Sorbs, Spamhaus and about a dozen other lists so would not that be a better plan? Edited by Desperado |
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
Terry
Guest Group 
|
Post Options
Thanks(0)
Quote Reply
Posted: 25 January 2006 at 8:07pm |
|
The ip's in the example were just that...an example...in fact one was blocked and one wasn't. I just pulled them from the log to show the format I was talking about....
Terry |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 25 January 2006 at 8:11pm |
|
Terry, What dnsbl's are you using ... several have dynamic / cable / home IP's on them. |
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
Terry
Guest Group
|
Post Options
Thanks(0)
Quote Reply
Posted: 25 January 2006 at 8:15pm |
|
I am using these.. bl.spamcop.net, true Terry |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 25 January 2006 at 8:35pm |
|
Terry, I use: sbl-xbl.spamhaus.org Notice the slight diff in 2 lists. |
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
Terry
Guest Group
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 January 2006 at 9:36am |
|
I will try your settings on mine....however I still think that the feature might be worthwhile.
|
|
|
|
|
Terry
Guest Group
|
Post Options
Thanks(0)
Quote Reply
Posted: 26 January 2006 at 9:51am |
|
Okay...Dan...I have done a little more research and I see that this combined.njabl.org list does the dynamic ip address blocking I was asking for...I didn't know (or understand) that before...I appreciate the information. Terry |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 26 January 2006 at 10:33am |
|
Terry, It will not get all of them but should be an improvement. |
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.254 seconds.