[Gross] greylisting on reverse dns patterns

Jesse Thompson jesse.thompson at doit.wisc.edu
Mon Apr 16 17:50:41 EEST 2007


Hi,

We're seeing an uptick in spam here.  Gross is still blocking over 58% 
(6% match) of the messages, but the increase in overall spam is becoming 
more noticeable.  I'm noticing that a lot of the spam is originating 
from IP addresses that have a reverse dns record that indicates that the 
IP is dynamically assigned.  e.g. "pool" or "dynamic" or "dhcp"

Is there a more aggressive RBL that will list IPs that are on known 
dynamic networks?  Here is the list of RBLs that I'm currently using.

dnsbl = rbl-plus.mail-abuse.org
dnsbl = bl.spamcop.net
dnsbl = dnsbl.njabl.org
dnsbl = cbl.abuseat.org
dnsbl = dnsbl.sorbs.net
dnsbl = list.dsbl.org
dnsbl = multihop.dsbl.org
dnsbl = zen.spamhaus.org

What about adding a feature to Gross to match on the reverse dns of the 
client_ip?  I'm considering cracking open the source code and dusting 
off my C reference to consider implementing this feature myself.

Jesse
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3304 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.utu.fi/pipermail/gross/attachments/20070416/6b11afe7/attachment.bin>


More information about the Gross mailing list