Autor: Ian Eiloart Data: Para: exim-users, Marc Perkel Assunto: Re: [exim] Detecting the domain part of a host address
--On 25 June 2007 16:08:16 +0100 Philip Hazel <ph10@???> wrote:
> On Mon, 25 Jun 2007, Marc Perkel wrote:
>
>> What I'm looking for is that part of the name that someone could
>> register.
>
> Somebody could (did) register ac.uk with the owner of the uk zone.
> Somebody (else) registered cam.ac.uk with the owner of the ac.uk zone.
>
> I think you may need to understand the concept of DNS zones. That's
> about the nearest concept that seems to be what you are trying to do.
> But even that won't help. As has been said, for cus.cam.ac.uk do you
> want cam.ac.uk or ac.uk? Both exist as separate DNS zones. If we make it
> abstract, when you see x.y.z.example do you want z.example or
> y.z.example? You can't tell just by looking at it.
Yes, but precision isn't all that important for the present purpose
(whitelisting domains that are trusted). We're talking about whitelisting
domains that have earned a reputation. The reputation must come from
previous spam scoring for the domain.
Why not start at the second level domain, and work your way down until you
get to a domain with a sufficiently high reputation? Stop if you find a
domain that you don't know well.
A useful principle in quality engineering is to test infrequent random
samples when a system is working well (to keep test costs down), but to
rack up the testing frequency if you detect a problem. That seems to me to
be what Marc is trying to implement. It doesn't matter a jot that this
doesn't map well to DNS zones, or anything else.
What does matter is that at least some domain name and IP addresses can be
cross-referenced in a *reasonably* reliable way. For those domains that
don't have one-to-one mappings, this technique may not be so useful.
--
Ian Eiloart
IT Services, University of Sussex
x3148