Hello,
Renaud Allard writes:
> Adam KOSA wrote:
>> Currently the pattern looks like this:
>>
>> deny hosts = \N^.*(adsl|pool)\..*$\N : \N^.*-dyn.*\..*$\N :
>> \N^.*pool.*$\N : \N^.*[0-9]+-[0-9]+.*$\N
>>
>
> I just stumbled on this URL which may interest you (and probably every
> reader here) as it lists some interesting regexes for detecting dynamic
> IPs.
> http://www.gabacho-net.jp/en/anti-spam/anti-spam-system.html#3-1

This is a good starting point, though putting this on a production system
would cause an unacceptably high rate of false positives. The most
significant issue in the above pattern is there is no way to draw a
relationship between the IP address and the reverse domain name.

The below link is a comparative between NJABL and DynaStop. The important
relevance to this issue is the relationship of the IP address to the reverse
domain name.
http://www.exim-users.org/forums/showthread.php?t=54012

The second message in this thread is a comparative of SpamHaus ZEN. Again
the context is the relationship of the IP address to the reverse domain
name.

It is extremely crucial to limit the patternistic heuristics to the IP
address in question only. If you can not maintain that relationship in the
analysis, you run the risk of having the whole thing run wild uncontrollably.
That means a lot of lost mail.
---
DynaStop: Stopping spam one dynamic IP address at a time.
http://tanaya.net/DynaStop/
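
The point above about tying the heuristic to the connecting IP address, as an added example that is not part of the original message and is not DynaStop's code: it compares the last alternative of the quoted `deny hosts` pattern with a check that the PTR name actually encodes the octets of that IP. The function names, the set of encodings checked (decimal octets in either order, zero-padded decimal, hex) and the sample hostnames are assumptions constructed for illustration.

```python
import ipaddress
import re

# Last alternative of the deny-hosts pattern quoted in the thread.
GENERIC = re.compile(r"^.*[0-9]+-[0-9]+.*$")

def generic_match(rdns: str) -> bool:
    """Hostname-only test: fires on any digits-dash-digits, whatever the IP is."""
    return bool(GENERIC.match(rdns))

def ip_in_rdns(ip: str, rdns: str) -> bool:
    """True only if the PTR name embeds the octets of this specific IPv4 address."""
    octets = list(ipaddress.IPv4Address(ip).packed)
    name = rdns.lower().rstrip(".")
    # Hex encoding, e.g. c0000219 for 192.0.2.25
    if bytes(octets).hex() in name:
        return True
    nums = []
    for run in re.findall(r"[0-9]+", name):
        if len(run) == 12:
            # Zero-padded concatenation, e.g. 203000113009 for 203.0.113.9
            nums.extend(int(run[i:i + 3]) for i in range(0, 12, 3))
        else:
            nums.append(int(run))
    # Four consecutive numbers equal to the octets, forward or reversed
    windows = [nums[i:i + 4] for i in range(len(nums) - 3)]
    return octets in windows or octets[::-1] in windows

# Constructed samples (documentation address ranges, example domains).
SAMPLES = [
    ("192.0.2.25", "host-192-0-2-25.dsl.example.net"),
    ("198.51.100.7", "7.100.51.198.dyn.example.net"),
    ("192.0.2.25", "c0000219.cable.example.net"),
    ("203.0.113.9", "pool203000113009.example.net"),
    ("203.0.113.10", "mx-01-02.example.com"),  # ordinary mail host
]

if __name__ == "__main__":
    for ip, rdns in SAMPLES:
        print(f"{ip:15} {rdns:34} generic={generic_match(rdns)!s:5} "
              f"ip_bound={ip_in_rdns(ip, rdns)}")
```

The last sample is the false-positive case: the hostname-only pattern matches `mx-01-02.example.com`, while the IP-bound check does not because the name says nothing about 203.0.113.10.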