Hello,
I am currently testing an ACL which seems to catch many dynamic IPs by
their reverse DNS.
I am using:
warn
  # Reverse-resolve the connecting IP and lowercase the PTR name
  set acl_c6 = ${lookup dnsdb{ptr=$sender_host_address}{${lc:$value}}{}}
  condition = ${if match{$acl_c6}{\N(^[^\.]*[0-9]\-+[0-9]|^[^\.]*[0-9]{5,}[^\.]|^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]|^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]|^(dyn|cable|dhcp|dialup|ppp|adsl)[^\.]*[0-9])\N}{yes}{no}}
  log_message = Generic reverse DNS
  delay = 60s
It seems to deliver good results so far. If you could share your
experience with it, I think it would be beneficial for the antispam
lovers on this list. Sorry for the length of the regex but it is the
shortest I could do.
--
010100100110010101101110011000010111010101100100
010000010110110001101100011000010111001001100100
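
Added example, not part of the original post: a small harness that splits the posted regex into its five alternatives and reports which one fires for a given PTR value, so the rule can be checked against known-good senders before it is deployed. The branch labels and all sample hostnames are constructed, and it assumes Python's re engine treats this pattern the same way Exim's PCRE does.

```python
import re

# Alternatives of the posted pattern, split apart so each hit can be
# attributed to one branch. Regex text is copied from the ACL unchanged;
# the branch names are labels made up for this example.
BRANCHES = [
    ("digit-dash-digit", r"^[^\.]*[0-9]\-+[0-9]"),
    ("5+ digit run", r"^[^\.]*[0-9]{5,}[^\.]"),
    ("label starts with digit", r"^([^\.]+\.)?[0-9][^\.]*\.[^\.]+\..+\.[a-z]"),
    ("digit then n-n label", r"^[^\.]*[0-9]\.[^\.]*[0-9]-[0-9]"),
    ("dyn keyword + digit", r"^(dyn|cable|dhcp|dialup|ppp|adsl)[^\.]*[0-9]"),
]
COMPILED = [(name, re.compile(rx)) for name, rx in BRANCHES]


def matching_branches(ptr_value):
    """Return the names of the branches that match a PTR lookup result.

    The value is lowercased as ${lc:...} does in the ACL. An empty string
    (no PTR record) matches nothing, so the warn verb does not fire.
    """
    value = ptr_value.lower()
    return [name for name, rx in COMPILED if rx.search(value)]


# Constructed PTR values (not taken from real hosts or logs).
SAMPLES = [
    "host-203-0-113-7.dsl.example.net",
    "ADSL42.example.net",
    "c1234567.pool.example.net",
    "7.113.0.203.static.example.net",
    "mx1.example.org",
    "mta-7-2.mail.example.com",  # numbered relay-style name, still flagged
    "",                          # no PTR record
    # dnsdb joins multiple PTR records with newlines; every alternative is
    # anchored with ^, so only the first record is ever inspected.
    "mail.example.org\nadsl42.example.net",
]

if __name__ == "__main__":
    for s in SAMPLES:
        hits = matching_branches(s)
        print(f"{s!r:45} -> {', '.join(hits) or 'no match'}")
```

Running it over PTR names pulled from a log of accepted mail shows which branch is responsible for any legitimate sender that would be delayed.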