Can you explain "Reject 'dynamic' Client Hostnames"

sgrayban · Post by **sgrayban** » Mon Oct 09, 2006 8:47 am

How/what is the format in check for this?

Is it by IP or??? If by IP what are the differences on this?

Post by **RollerNetSupport** » Tue Oct 10, 2006 6:49 pm

It works by comparing the PTR lookup in DNS with some typical dynamic IP patterns. If a pattern is matched, the connection is rejected. Current patterns, and any we add later, are listed here:

http://forums.rollernet.us/viewtopic.php?t=296

sgrayban · Post by **sgrayban** » Tue Oct 10, 2006 9:49 pm

And this helps us how? I guess I am missing the reason for this. What is a working example of this in use?

Post by **RollerNetSupport** » Wed Oct 11, 2006 11:13 am

This feature was a request. It blocks connections from IP addresses that appear to be dynamic hosts based on their DNS information.

sgrayban · Post by **sgrayban** » Wed Oct 11, 2006 11:17 am

So it checks if the mail is coming directly from a ISP's dynamic IP pool ?

Post by **RollerNetSupport** » Wed Oct 11, 2006 12:48 pm

Assuming the DNS reverse lookup contains IP patterns commonly seen in dynamic pools, yes. Some examples are:

Code: Select all

84.99.40.53 (53.40.99-84.rev.gaoland.net)
24.232.254.245 (OL245-254.fibertel.com.ar)
83.45.93.9 (9.Red-83-45-93.dynamicIP.rima-tde.net)
200.113.42.217 (113-42-217.adsl.cust.tie.cl)
81.7.118.243 (ip118-243.anet.lt)
83.208.85.194 (194.85.broadband2.iol.cz)
125.22.99.244 (dsl-KK-dynamic-244.99.22.125.airtelbroadband.in)

sgrayban · Post by **sgrayban** » Wed Oct 11, 2006 12:59 pm

Ok... I wonder how pratical this is... It could block many valid emails so I won't turn mine on. I'll stick with the blackholes listing.

thanks

dstutz · Post by **dstutz** » Fri Oct 27, 2006 4:25 am

I'm a little confused about which formats fall under which category.

In your first post about the announcement (http://forums.rollernet.us/viewtopic.php?t=296) you use the terms "Basic" and "Advanced" and basic has a lot and advanced had one pattern. Your next post you use the terms "Basic" and "Full" and now basic doesn't have many and full has a lot.

Basically...I'd just like to know which option to choose to get the *most* coverage.

Edit: I ask because I just received this spam email while in basic mode:
Received: from cpe-065-191-076-106.nc.res.rr.com (cpe-065-191-076-106.nc.res.rr.com [65.191.76.106]) by mail2.rollernet.us

And I received this one in Advanced mode:
Received: from 58.69.12.102.pldt.net (unknown [58.69.12.102]) by
mail.rollernet.us

And I would like to not receive either...The only messages I'm getting anymore are the image spams hawking stocks. I have installed the fuzzyOCR module to spamassassin on my local server so they're getting tagged correctly, but I'd LOVE to reject these as they almost always come from these types of dynamic IPs.

Thanks,
Dave

Post by **RollerNetSupport** » Fri Oct 27, 2006 10:28 am

The Full/Advanced thing was a typo on my part; Full means Advanced. I've edited the post to fix that.

Do you have any whitelist entries for client validity checks?

dstutz · Post by **dstutz** » Fri Oct 27, 2006 11:01 am

glendale2x wrote:Do you have any whitelist entries for client validity checks?

I have 5 IP ranges in there, none of which include either of the 2 IPs I pasted above.

Which of the 2 modes has more filters in it?

Post by **RollerNetSupport** » Fri Oct 27, 2006 12:15 pm

Advanced includes all pattern types.

Just to clarify: the post you referred to is the IP ranges as regular expressions; that means the dot in the pattern can be anything (dot, dash, both, neither, etc.).

dstutz · Post by **dstutz** » Mon Oct 30, 2006 7:16 pm

glendale2x wrote:Advanced includes all pattern types.

Just to clarify: the post you referred to is the IP ranges as regular expressions; that means the dot in the pattern can be anything (dot, dash, both, neither, etc.).

Thanks for the clarifications...I know .00001% about regex so I didn't immediately spot that. Thanks for the great service (this forum and the actual services).

Dave