Bug 3200

Summary: new rules: dynamic/no-rDNS-for-IP
Product: Spamassassin
Reporter: Kai <kai-sa-bugs>
Component: Rules
Assignee: SpamAssassin Developer Mailing List <dev>
Status: RESOLVED WONTFIX
Severity: normal
Keywords: mc
Priority: P3    
Version: unspecified   
Target Milestone: Future   
Hardware: All   
OS: other   
Whiteboard:

Description Kai 2004-03-21 14:16:49 UTC
the following rules are attempting to mark incoming mail coming in
directly from dynamic/dialup/cable/dsl IPs. Unfortunately, some of
the header semantics (like "(may be forged)") are Sendmail-specific,
and all rely on a match for the receiving host (here: "by conti.nu").
Maybe someone can suggest a way of re-writing this into written
code, to match only on the first "trusted" header line?

Something tells me that we should be applying a lot of DNSBL tests
only on such specific header lines, too.


# conti.nu-specific
header  RX_DYN_HOST_CUSTOM      Received =~ /(?:ppp.*?|dialup.*?|dial|.dsl|.*?adsl.*?|\.cable|\.modem|\.pool.*?|\.dyn|\.dynamic|\.abo|\.client|\..*?-ip|\...\.shawcable\.net|\.in-addr|\.cablemodem|dhcp.*?|resnet)\..*?\..*by conti.nu /i
describe RX_DYN_HOST_CUSTOM     Received directly from dialup/cable/dsl host (custom rule)
score   RX_DYN_HOST_CUSTOM      2.0

# conti.nu-specific
# with 4 numeric elements concatenated with a hyphen - too strict?
# header        RX_DYN_HOST2_CUSTOM     Received =~ /\(.*\d{1,3}-\d{1,3}-\d{1,3}-\d{1,3}.*\).*by conti.nu /i
# with 3 numeric elements concatenated with a hyphen - seen quite often, such as in:
#       m235.net81-64-119.noos.fr [81.64.119.235]
header  __RX_DYN_HOST2_CUSTOM   Received =~ /\(.*\d{1,3}-\d{1,3}-\d{1,3}.*\).*by conti.nu /i
# but do not score if we already matched the dialup/cable/DSL rule
meta    RX_DYN_HOST2_CUSTOM     (__RX_DYN_HOST2_CUSTOM && !RX_DYN_HOST_CUSTOM)
describe RX_DYN_HOST2_CUSTOM    Received directly from host with script-generated rDNS name (custom rule)
score   RX_DYN_HOST2_CUSTOM     2.0

# conti.nu-specific
header  RX_FROM_NODNS_HOST      Received =~ /\(\[\d+\.\d+\.\d+\.\d+\]\).*by conti.nu /i
describe RX_FROM_NODNS_HOST     Received directly from host with no rDNS (custom rule)
score   RX_FROM_NODNS_HOST      2.0

# conti.nu-specific
header  RX_FROM_FORGEDDNS_HOST  Received =~ /\(.*?\[\d+\.\d+\.\d+\.\d+\] \(may be forged\)\).*by conti.nu /i
describe RX_FROM_FORGEDDNS_HOST Received directly from host with forged rDNS (custom rule)
score   RX_FROM_FORGEDDNS_HOST  1.5
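
The description asks how to apply these checks only to the first "trusted" Received line. The sketch below is an added example, not part of the bug report and not SpamAssassin code: it inspects only the newest header stamped by the receiving host and ignores anything below it, which the sender may have written. The function names, the shortened keyword list and the sample headers are assumptions made for illustration.

```python
import re

TRUSTED_BY = "conti.nu"  # the receiving MTA named in the rules above

BY = re.compile(r"\bby\s+([^\s;]+)", re.I)
# Sendmail-style relay clause: from HELO (rdns [ip] (may be forged))
RELAY = re.compile(
    r"from\s+\S+\s+\((?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[(?P<ip>\d+\.\d+\.\d+\.\d+)\](?P<forged>\s+\(may be forged\))?\)", re.I)
# Shortened keyword list, anchored on label boundaries (assumption)
DYN_WORD = re.compile(
    r"(?:^|[.-])(?:ppp|dialup|dial|a?dsl|cable|modem|pool|dyn|dynamic|dhcp|resnet)"
    r"(?=[.\-\d]|$)", re.I)
DYN_NUM = re.compile(r"\d{1,3}-\d{1,3}-\d{1,3}")  # three hyphen-joined numbers


def relay_hits(flat):
    """Rule names (as used on this page) hit by one unfolded Received value."""
    m = RELAY.search(flat)
    if not m:
        return []
    rdns = m.group("rdns")
    if rdns is None:
        return ["RX_FROM_NODNS_HOST"]
    hits = []
    if DYN_WORD.search(rdns):
        hits.append("RX_DYN_HOST_CUSTOM")
    elif DYN_NUM.search(rdns):  # mirrors the meta: only if the keyword rule missed
        hits.append("RX_DYN_HOST2_CUSTOM")
    if m.group("forged"):
        hits.append("RX_FROM_FORGEDDNS_HOST")
    return hits


def classify(received):
    """received: Received values, newest first. Only the newest header stamped
    by TRUSTED_BY is inspected; headers below it were not written by us."""
    for value in received:
        flat = " ".join(value.split())  # unfold continuation lines
        by = BY.search(flat)
        if by and by.group(1).lower() == TRUSTED_BY:
            return relay_hits(flat)
    return []


# Constructed sample: the lower header is one a sender could have added itself.
SAMPLE = [
    "from mail.example.org (mail.example.org [198.51.100.9])\n"
    "\tby conti.nu (8.12.10) with ESMTP id x1; Sun, 21 Mar 2004 14:00:00 +0100",
    "from x ([203.0.113.5]) by conti.nu with SMTP; Sun, 21 Mar 2004 13:59:00 +0100",
]
```

On `SAMPLE`, the `RX_FROM_NODNS_HOST` pattern above, applied to every Received header, matches the lower line, while `classify` returns no hits because the header written by the receiving host names a relay with ordinary rDNS.
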
Comment 1 Justin Mason 2004-12-17 17:48:01 UTC
NEEDSMC

(testing a new feature, pls ignore!)
Comment 2 Auto-Mass-Checker 2005-01-06 23:16:22 UTC
 [automatically generated by automc: start]
# DONEMC 1: completed request from comment 1

OVERALL%   SPAM%     HAM%     S/O    RANK   SCORE  NAME
  15993     7995     7998    0.500   0.00    0.00  (all messages)
100.000  49.9906  50.0094    0.500   0.00    0.00  (all messages as %)
  0.625   0.2751   0.9752    0.220   0.00    0.00  MC_RX_DYN_HOST_CUSTOM
  0.625   0.2752   0.9752    0.220   0.00    0.00  MC_RX_DYN_HOST2_CUSTOM
  0.625   0.2753   0.9752    0.220   0.00    0.00  MC_RX_FROM_NODNS_HOST
  0.625   0.2754   0.9752    0.220   0.00    0.00  MC_RX_FROM_FORGEDDNS_HOST
 [automatically generated by automc: end]
Comment 3 Justin Mason 2005-01-06 23:19:48 UTC
hmph!  those aren't the correct freqs btw. testing something...
Comment 4 Justin Mason 2005-01-14 19:58:34 UTC
NEEDSMC 0-1
Comment 5 Daniel Quinlan 2005-03-30 01:09:12 UTC
move bug to Future milestone (previously set to Future -- I hope)
Comment 6 Justin Mason 2007-01-15 09:42:58 UTC
we now have similar rules in 3.2.0; RDNS_DYNAMIC and RDNS_NONE