Spam Filter ISP Support Forum

blocking based on connection info

keizersozay (Groupie)
Posted: 22 April 2005 at 11:23am

For example, I have the following information in my logs:
Resolving 141.213.240.146 - v-adsl-fh-240-146.umnet.umich.edu

If I write some regex to block anything with 'dsl' in the name, what file would I put it in to block based on the reverse DNS lookup of the connecting IP address?

If this is not possible, can it be added? I think it would be a big help.

Thanks

Desperado (Senior Member)
Posted: 22 April 2005 at 7:52pm

keizersozay,
 
First you need to make sure that the SpamFilter.ini setting "ScanReceivedHeaders=1" is set.  Then, the RegEx
 
(.+(client2|client|dhcp|adsl).*\.(net|com|biz|org|edu))
 
in the Blocked Domains, some variation of this will block it.
 
Regards,
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

keizersozay (Groupie)
Posted: 25 April 2005 at 9:54am

Thanks...

keizersozay (Groupie)
Posted: 25 April 2005 at 3:12pm

I know it has been posted several times before, but what is the order that spam filter uses to block messages? The reason I ask is because I did what was mentioned above, and the messages are not stopped by what is in the 'blacklist domain' file, but they are being blocked by the regular keyword file.
I.e.,
resolving 82.251.251.102 - lns-vlq-8-tou-82-251-251-102.adsl.proxad.net
was not blocked by the regex
(.+(client2|client|dhcp|adsl).+\.(net|com|biz|org|edu)) <- which is in the 'blacklist domain' file
which should have blocked it....

LogSat (Admin Group)
Posted: 25 April 2005 at 6:35pm

keizersozay,

Yes, this has been posted before, but it never hurts to post it again, especially since the previous lists do not include the antivirus plugin. As of SpamFilter ISP v2.5:

All the whitelists are checked first. If a match is found, the blacklists are skipped, the email recipients are accepted, and SpamFilter is ready to accept the data command. If none of the whitelists are matched, then the blacklists are currently searched in order below:

1. Allowed Domains
2. Local Domain BlackList
3. Local Emails Blacklist
4. Local Emails TO Blacklist
5. Not in Authorized TO Emails
6. Country Blacklist
7. Reject No Reverse DNS
8. Reject Empty Mail From
9. Reject Same To From Email address
10. Reject Same To From Domain
11. Recipient Count > Max RCPTTO
12. MX Record check
13. SPF Filter
14. MAPS check
15. Attachment Filter
16. Keywords
17. Bayesian Filtering
18. Antivirus Plugin

Roberto Franceschetti

LogSat Software

Spam Filter ISP

Marrab (Newbie)
Posted: 29 April 2005 at 12:50am

Originally posted by Desperado:

First you need to make sure that the SpamFilter.ini setting "ScanReceivedHeaders=1" is set.  Then, the RegEx
 
(.+(client2|client|dhcp|adsl).*\.(net|com|biz|org|edu))
 
in the Blocked Domains, some variation of this will block it.

It doesn't work. I put in Blocked Domains:

(.+\.comcast\.net)

And I received mail:

Connection from: 24.15.118.155  -  Originating country : United States
Resolving 24.15.118.155 - c-24-15-118-155.hsd1.il.comcast.net
Mail from: salah@YourBizHelp.biz
 - MAPS search done... 
RCPT TO: a@b.c.ru accepted
EMail from salah@YourBizHelp.biz to a@b.c.ru passes Bayesian filter - 0% spam  (63ms)
EMail from salah@YourBizHelp.biz to a@b.c.ru was queued. Size: 6 KB, 6144 bytes
Sending email from salah@YourBizHelp.biz to a@b.c.ru
Time to add Msg to Bayes corpus:0
EMail from salah@YourBizHelp.biz to a@b.c.ru  was forwarded to localhost:3024

I tried *.comcast.net with the same result. The readme.html says "Blacklisted Domains - You can keep a file with additional Domains that you want to blacklist (based on the MAIL FROM field)..." but not the result of resolving.

I have version 2.5.1.441.
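
Added example, not part of any post in this thread and not LogSat's code: a Python check that runs the three Blocked Domains expressions quoted above against the reverse-DNS names and the MAIL FROM domain taken from the posted log lines, showing which field each expression could match. It assumes Python `re.search` semantics (SpamFilter's own regex engine may differ); the `bounded` pattern and the `mail.clientservices.example.com` hostname are constructed for illustration.

```python
import re

# Blocked Domains entries quoted in the thread, keyed by poster.
PATTERNS = {
    "desperado": r"(.+(client2|client|dhcp|adsl).*\.(net|com|biz|org|edu))",
    "keizersozay": r"(.+(client2|client|dhcp|adsl).+\.(net|com|biz|org|edu))",
    "marrab": r"(.+\.comcast\.net)",
    # Constructed variant: keyword must be delimited by '.', '-' or a digit.
    "bounded": r"(^|[.\-\d])(adsl|dhcp|client)[.\-\d]",
}

# Log lines copied from the posts above.
THREAD_LOG = """\
Resolving 141.213.240.146 - v-adsl-fh-240-146.umnet.umich.edu
resolving 82.251.251.102 - lns-vlq-8-tou-82-251-251-102.adsl.proxad.net
Resolving 24.15.118.155 - c-24-15-118-155.hsd1.il.comcast.net
Mail from: salah@YourBizHelp.biz
"""

# Constructed hostname: an ordinary mail host that merely contains "client".
LOOKALIKE = "mail.clientservices.example.com"

RESOLVE_RE = re.compile(r"^Resolving\s+\S+\s+-\s+(\S+)$", re.IGNORECASE)
MAILFROM_RE = re.compile(r"^Mail from:\s*\S+@(\S+)$", re.IGNORECASE)


def extract_fields(log_text):
    """Return (field, value) pairs: 'rdns' hostnames and 'mail_from' domains."""
    fields = []
    for line in log_text.splitlines():
        for field, rx in (("rdns", RESOLVE_RE), ("mail_from", MAILFROM_RE)):
            m = rx.match(line.strip())
            if m:
                fields.append((field, m.group(1).lower()))
    return fields


def matching_patterns(value):
    """Names of the patterns that match value with an unanchored search."""
    return sorted(n for n, p in PATTERNS.items() if re.search(p, value))


def report(log_text):
    """Map each extracted (field, value) to the patterns that would hit it."""
    return {fv: matching_patterns(fv[1]) for fv in extract_fields(log_text)}


if __name__ == "__main__":
    for (field, value), hits in report(THREAD_LOG).items():
        print(f"{field:9} {value:48} {hits}")
    print(f"{'lookalike':9} {LOOKALIKE:48} {matching_patterns(LOOKALIKE)}")
```

With these inputs every posted expression matches the reverse-DNS name it was written for and none matches `yourbizhelp.biz`, so a list evaluated only against the MAIL FROM domain, as the readme text quoted above describes, would not fire on these connections. The constructed lookalike also shows that the unbounded `client` keyword hits a hostname that is not a dynamic-pool name, which the delimiter-bounded variant avoids.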
