stevejenkins / hardwarefreak.com-fqrdns.pcre
Archive copy of Stan Hoeppner's Postfix PCRE bot spam killer (fqrdns.pcre)
License: MIT License
Can't see a valid reason for this rule to exist:
/.in-addr.arpa$/ REJECT Generic - Please relay via ISP
I was wondering about two rules that I have false positives on.
/^rrcs(-[12]?[0-9]{1,2}){4}.[a-z]{2,10}.biz.rr.com$/ REJECT Generic - Please relay via ISP (rr.com)
/^wsip(-[12]?[0-9]{1,2}){4}.([a-z]{2}.){2}cox.net$/ REJECT Generic - Please relay via ISP (cox.net)
I believe the first one is static, based on the biz, but I am not positive.
The second one I know is static, based on the wsip.
I have whitelisted IPs that match both the above rules.
Based on the last year of logs, for the first rule, the user seems to have fixed their issue, or no longer contacts us.
146 attempts matched the above rule
393 attempts were blocked before matching, due to RBL rules
For the second rule, we still have clients matching it, and using our specific IP exception.
87 matched the second rule above (cox), of them 47 were false positives.
133 attempts were blocked before matching, due to RBL rules.
I know these are small results, but while people are debating other rules, I thought these could use a tiny discussion, or if the in-addr.arpa rule was put into a more targeted list, these I think should be moved also.
/^net(-[12]?[0-9]{1,2}){4}.cust.vodafonedsl.it$/ REJECT Generic - Please relay via ISP (vodaphonedsl.it)
You can remove these entries as these Greek ISPs don't exist any more:
ontelecoms.gr
acn.gr
vivodi.gr
Steve: Thanks for taking on the maintenance of this. Not really an issue per se, just a concern. Hopefully it's an OK place to ask. Those pcre files are pretty lengthy. Is there much overhead in applying them to every message that comes through?
Hello,
The following address sent spam today, and it does not occur in the list:
77.47.47.237.dynamic.cablesurf.de
As keeping the list up to date is impossible, I suggest you replace individual entries with a common pattern. For example, the following rules replace about 320 individual entries, they automatically include similar new entries, and help speed up Postfix's filtering:
/dyn(amic|adsl|dsl|ip)?[0-9]?[.-]/ REJECT Dynamic - Please relay via your ISP
/dial(in|up|-up|ip|pool|bs)?[0-9]?[.-]/ REJECT Dynamic - Please relay via your ISP
/dhcp[0-9]?[.-]/ REJECT Dynamic - Please relay via your ISP
/(wireless|wifi|wimax)[.-]/ REJECT Dynamic - Please relay via your ISP
I also suggest removing the "static" addresses: offices get those, and some host their own well-configured e-mail servers.
I have only recently started to use fqrdns.pcre and quickly found some domains/senders causing FPs due to
/^dd[1-9][0-9]{3,5}\.kasserver\.com$/ REJECT Generic - Please relay via ISP (kasserver.com)
In many if not all cases the IP addresses + the FQrDNS names have been stable over the course of several months (I checked my logs since January 2019). The domains with the highest volumes are
seiteanseite.at 85.13.147.26 dd28616.kasserver.com
wohlrab.at 85.13.145.46 dd26118.kasserver.com
mailman.pxldsk.com 85.13.153.66 dd36426.kasserver.com
kindertheater.com 85.13.145.208 dd26926.kasserver.com
drehbuchforum.at 85.13.133.140 dd10926.kasserver.com
fluglaerm.at 85.13.152.9 dd34912.kasserver.com
concordia.at 85.13.130.23 dd3712.kasserver.com
EDIT: Found not just 2 but several more FPs.
postmap fqrdns.pcre
postmap: warning: fqrdns.pcre.db: duplicate entry: "if"
postmap: warning: fqrdns.pcre, line 346: expected format: key whitespace value
postmap: warning: fqrdns.pcre, line 347: expected format: key whitespace value
postmap: warning: fqrdns.pcre.db: duplicate entry: "if"
postmap: warning: fqrdns.pcre, line 485: expected format: key whitespace value
postmap: warning: fqrdns.pcre.db: duplicate entry: "if"
postmap: warning: fqrdns.pcre.db: duplicate entry: "/^[12]?[0-9]{1,2}(-[12]?[0-9]{1,2}){3}.3g.claro.net.br$/"
postmap: warning: fqrdns.pcre.db: duplicate entry: "/^[12]?[0-9]{1,2}(-[12]?[0-9]{1,2}){3}.goodline.info$/"
postmap: warning: fqrdns.pcre.db: duplicate entry: "/^broadband(-[12]?[0-9]{1,2}){4}.nationalcablenetworks.ru$/"
postmap: warning: fqrdns.pcre.db: duplicate entry: "/^ppp(-[12]?[0-9]{1,2}){4}.dialup.tiscali.it$/"
postmap: warning: fqrdns.pcre, line 1732: expected format: key whitespace value
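The posts above quote rules, sender hostnames and duplicate-entry warnings. As an added example (not code from the repository or from any poster), this Python checker loads a pcre-style table, reports duplicate patterns, and shows which rule a reverse-DNS name hits, so a proposed rule can be tried against known-good senders before it is deployed. The table and the `.example` hostnames are constructed; Python's `re` stands in for PCRE, `if`/`endif` lines are skipped rather than evaluated, and negated `!/pattern/` rules are not handled.

```python
import re

# Constructed sample table (not the project's file): the four generic rules
# proposed in the thread, the kasserver.com rule, and one deliberate duplicate.
TABLE = r"""
# constructed sample
/dyn(amic|adsl|dsl|ip)?[0-9]?[.-]/ REJECT Dynamic - Please relay via your ISP
/dial(in|up|-up|ip|pool|bs)?[0-9]?[.-]/ REJECT Dynamic - Please relay via your ISP
/dhcp[0-9]?[.-]/ REJECT Dynamic - Please relay via your ISP
/(wireless|wifi|wimax)[.-]/ REJECT Dynamic - Please relay via your ISP
/^dd[1-9][0-9]{3,5}\.kasserver\.com$/ REJECT Generic - Please relay via ISP (kasserver.com)
/dhcp[0-9]?[.-]/ REJECT Dynamic - Please relay via your ISP
"""
RULE = re.compile(r"^/(.+?)/([a-zA-Z]*)\s+(\S.*)$")

def load_table(text):
    """Return (rules, duplicates); each rule is (compiled, pattern, action)."""
    rules, seen, dups = [], set(), []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        # Blank lines, comments and if/endif delimiters are not key/value rules.
        if not line or line.startswith("#") or re.match(r"(if|endif)\b", line):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"line {n}: expected /pattern/flags action")
        pattern, flags, action = m.groups()
        if pattern in seen:              # same key twice: the later line never fires
            dups.append((n, pattern))
            continue
        seen.add(pattern)
        # Postfix pcre tables are case-insensitive unless the i flag toggles that off.
        opts = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, opts), pattern, action))
    return rules, dups

def lookup(rules, hostname):
    """First matching rule wins, as in a Postfix table lookup; None means no match."""
    for rx, pattern, action in rules:
        if rx.search(hostname):
            return pattern, action
    return None

if __name__ == "__main__":
    rules, dups = load_table(TABLE)
    print("duplicates:", dups)
    # Two names from the thread, one constructed static-looking name, one clean name.
    for host in ("77.47.47.237.dynamic.cablesurf.de", "dd28616.kasserver.com",
                 "mail.dynamic-hosting.example", "mx1.example.org"):
        print(host, "->", lookup(rules, host))
```

The constructed `mail.dynamic-hosting.example` is rejected by the unanchored `dyn` rule, which is the false-positive risk to check for before swapping anchored per-ISP entries for generic ones. On a running Postfix host the equivalent lookup is `postmap -q <hostname> pcre:<path to fqrdns.pcre>`.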