You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Matus UHLAR - fantomas <uh...@fantomas.sk> on 2011/03/17 17:12:47 UTC
Re: plugin for CIDR matching
On 14.03.11 13:41, Markus Reschke wrote:
> Currently I'm writing a small SA plugin for checking if IP addresses of
> relaying MTAs (in the Received: lines) are within a list of defined CIDR
> blocks. Most admins filter specific CIDR blocks, e.g. from known SPAMming
> ISPs, at the MTA level. That way all emails from the given CIDR blocks
> are
> rejected. But some users like to get those emails too. There could be an
> important email or one from a potential customer - whatever. My SA plugin
> can solve that problem by adding a SPAM score to matching emails. The
> email may be flagged as SPAM but it's received.
running RBLDNS and defining simple blacklist check would do the same.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson. -- Daffy Duck & Porky Pig
Re: plugin for CIDR matching
Posted by David B Funk <db...@engineering.uiowa.edu>.
On Thu, 17 Mar 2011, Matus UHLAR - fantomas wrote:
> On 14.03.11 13:41, Markus Reschke wrote:
>> Currently I'm writing a small SA plugin for checking if IP addresses of
>> relaying MTAs (in the Received: lines) are within a list of defined CIDR
>> blocks. Most admins filter specific CIDR blocks, e.g. from known SPAMming
>> ISPs, at the MTA level. That way all emails from the given CIDR blocks
>> are
>> rejected. But some users like to get those emails too. There could be an
>> important email or one from a potential customer - whatever. My SA plugin
>> can solve that problem by adding a SPAM score to matching emails. The
>> email may be flagged as SPAM but it's received.
>
> running RBLDNS and defining simple blacklist check would do the same.
>
Additionally the RBLDNS can be dynamically updated w/o requiring a
restart/rebuild of SA rules base. Depending upon which RBLDNSd you're
running it may be more flexible. The "mjt" rbldnsd takes CIDR notation
but also allows address ranges (EG 10.10.10.3-10.10.10.99) as well
as nested ranges.
I run two different local RBLDNSDs, one for IP addrs & one for
hostname/RLS.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{