LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Would be great if the IP-Blacklist (or another Blacklist) could handle also connecting hostnames given by the reverse lookup. There are some dynamic-ranges we never received legitimate mails from, but a lot of spam (often not in MAPS-Servers we use). It seems hostnames like *.dsl.verizon.net, *.client2.attbi.com are more firm (and easyer to add) than their subnets.

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Frank Schreier Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Frank Schreier Thanks(0) Quote Reply Topic: Feature Wishlist: Connecting Hostname-Blacklist Posted: 11 August 2003 at 7:34am
	Would be great if the IP-Blacklist (or another Blacklist) could handle also connecting hostnames given by the reverse lookup. There are some dynamic-ranges we never received legitimate mails from, but a lot of spam (often not in MAPS-Servers we use). It seems hostnames like .dsl.verizon.net, .client2.attbi.com are more firm (and easyer to add) than their subnets.

Desperado Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 27 January 2005 Location: United States Status: Offline Points: 1143	Post Options Post Reply Quote Desperado Report Post Thanks(0) Quote Reply Posted: 11 August 2003 at 1:21pm
	Frank, Have you tried RegEx's in the From Domain BL? Fo example, and I have not tested this, but the domains you list might block with the following: .dsl.verizon.net, (.\.dsl.verizon.net) .client2.attbi.com (.\.client(\d){1,}.attbi.com) Dan S.

Frank Schreier Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Frank Schreier Thanks(0) Quote Reply Posted: 13 August 2003 at 10:40am
	Dan, I tried it now, but it dosen�t work. It seems the From Domain BL process only the From header line, not the hostname/domain detected by reverse lookup (I remind of reading something about that here before).

Frank Schreier Members Profile Send Private Message Find Members Posts Add to Buddy List Guest Group	Post Options Post Reply Quote Frank Schreier Thanks(0) Quote Reply Posted: 18 August 2003 at 11:23am
	No statement from Logsat? I know you are working on fingerprinting - but in our case, we are alredy using satistical-, HTML- and phrase-filters on our main mailserver. Spamfilter is only used for blocking (and does a great job). But blocking based on revese lookup (something like *ipt.aol.com) would make things easier for us.

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 18 August 2003 at 10:07pm
	Frank, We had added the request to our wishlist, but are waiting to see how the statistical fingerprinting behaves before adding new features. The way we designed it also looks at all email headers, including source IPs. It is self-learning, so it could catch all emails missed by other methods. There may not be need for more blocklists, and are waiting until we have a stable version so we can find out. FYI, currently the keyword filter does not look at the reverse lookup result and/or the other smtp headers (except for the subject). Roberto LogSat Software

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Feature Wishlist: Connecting Hostname-Blacklist