Can you explain "Reject 'dynamic' Client Hostnames"

Need help? Ask here.

Moderator: Moderators

Post Reply
sgrayban
Posts: 60
Joined: Wed Jul 12, 2006 9:53 am

Can you explain "Reject 'dynamic' Client Hostnames"

Post by sgrayban »

How/what is the format in check for this?

Is it by IP or??? If by IP what are the differences on this?
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

It works by comparing the PTR lookup in DNS with some typical dynamic IP patterns. If a pattern is matched, the connection is rejected. Current patterns, and any we add later, are listed here:

http://forums.rollernet.us/viewtopic.php?t=296
Technical Support support@rollernet.us
Roller Network LLC
sgrayban
Posts: 60
Joined: Wed Jul 12, 2006 9:53 am

Post by sgrayban »

And this helps us how? I guess I am missing the reason for this. What is a working example of this in use?
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

This feature was a request. It blocks connections from IP addresses that appear to be dynamic hosts based on their DNS information.
Technical Support support@rollernet.us
Roller Network LLC
sgrayban
Posts: 60
Joined: Wed Jul 12, 2006 9:53 am

Post by sgrayban »

So it checks if the mail is coming directly from a ISP's dynamic IP pool ?
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Assuming the DNS reverse lookup contains IP patterns commonly seen in dynamic pools, yes. Some examples are:

Code: Select all

84.99.40.53 (53.40.99-84.rev.gaoland.net)
24.232.254.245 (OL245-254.fibertel.com.ar)
83.45.93.9 (9.Red-83-45-93.dynamicIP.rima-tde.net)
200.113.42.217 (113-42-217.adsl.cust.tie.cl)
81.7.118.243 (ip118-243.anet.lt)
83.208.85.194 (194.85.broadband2.iol.cz)
125.22.99.244 (dsl-KK-dynamic-244.99.22.125.airtelbroadband.in)
Technical Support support@rollernet.us
Roller Network LLC
sgrayban
Posts: 60
Joined: Wed Jul 12, 2006 9:53 am

Post by sgrayban »

Ok... I wonder how pratical this is... It could block many valid emails so I won't turn mine on. I'll stick with the blackholes listing.

thanks
dstutz
Posts: 20
Joined: Mon May 08, 2006 4:30 pm

Post by dstutz »

I'm a little confused about which formats fall under which category.

In your first post about the announcement (http://forums.rollernet.us/viewtopic.php?t=296) you use the terms "Basic" and "Advanced" and basic has a lot and advanced had one pattern. Your next post you use the terms "Basic" and "Full" and now basic doesn't have many and full has a lot.

Basically...I'd just like to know which option to choose to get the *most* coverage.

Edit: I ask because I just received this spam email while in basic mode:
Received: from cpe-065-191-076-106.nc.res.rr.com (cpe-065-191-076-106.nc.res.rr.com [65.191.76.106]) by mail2.rollernet.us

And I received this one in Advanced mode:
Received: from 58.69.12.102.pldt.net (unknown [58.69.12.102]) by
mail.rollernet.us

And I would like to not receive either...The only messages I'm getting anymore are the image spams hawking stocks. I have installed the fuzzyOCR module to spamassassin on my local server so they're getting tagged correctly, but I'd LOVE to reject these as they almost always come from these types of dynamic IPs.

Thanks,
Dave
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

The Full/Advanced thing was a typo on my part; Full means Advanced. I've edited the post to fix that.

Do you have any whitelist entries for client validity checks?
Technical Support support@rollernet.us
Roller Network LLC
dstutz
Posts: 20
Joined: Mon May 08, 2006 4:30 pm

Post by dstutz »

glendale2x wrote:Do you have any whitelist entries for client validity checks?
I have 5 IP ranges in there, none of which include either of the 2 IPs I pasted above.

Which of the 2 modes has more filters in it?
RollerNetSupport
Site Admin
Posts: 598
Joined: Wed Nov 17, 2004 10:05 pm
Location: Nevada
Contact:

Post by RollerNetSupport »

Advanced includes all pattern types.

Just to clarify: the post you referred to is the IP ranges as regular expressions; that means the dot in the pattern can be anything (dot, dash, both, neither, etc.).
Technical Support support@rollernet.us
Roller Network LLC
dstutz
Posts: 20
Joined: Mon May 08, 2006 4:30 pm

Post by dstutz »

glendale2x wrote:Advanced includes all pattern types.

Just to clarify: the post you referred to is the IP ranges as regular expressions; that means the dot in the pattern can be anything (dot, dash, both, neither, etc.).
Thanks for the clarifications...I know .00001% about regex so I didn't immediately spot that. Thanks for the great service (this forum and the actual services).

Dave
Post Reply