Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
comp.mail.sendmail
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
How to make new FEATURE from my ruleset?
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   6 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Sciurus  
View profile  
 More options Jul 14 2009, 7:22 am
Newsgroups: comp.mail.sendmail
From: Sciurus <sciu...@mail.ru>
Date: Tue, 14 Jul 2009 04:22:03 -0700 (PDT)
Local: Tues, Jul 14 2009 7:22 am
Subject: How to make new FEATURE from my ruleset?
Print | Individual message | Show original | Report this message | Find messages by this author
I use 3 dnsbl and have a lot of false positives with nets of my
region.
Yes, nets that are listed with CONNECT tag in the access map are
skipped by the dnsbl checks.
I need to skip all regional class C nets. It takes up about 700
records.
Using of  "CONNECT:domain.ru   OK" is impossible due to lack of closed
PTR-A lookup.

I wrote new ruleset and now it takes up only 28 records. It works well
for 3 month. Now 14 blocks with 2 records are listed in the access
file:
# ufanet: 94.41.0-127
NETCONNECT:94.41                          0
PRCONNECT:94.41                            128

# BIS(BashInformSvyaz), DSL pool: 94.75.0-63
NETCONNECT:94.75                           0
PRCONNECT:94.75                            64

# bashnet: 213.189.224-255
NETCONNECT:213.189                    224
PRCONNECT:213.189                      32

The record with tag NETCONNECT: is the net.
The record with tag PRCONNECT: is the number of hosts of this net.

I didn't know how to make my own m4-file so I inserted new ruleset in
the proto.m4 directly.
But I would like to do it more correctly through new FEATURE.
Where is feature's creating described?


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Discussion subject changed to "Weaker DNSBL for "near by" countries [Was: How to make new FEATURE from my ruleset?]" by Andrzej Adam Filip
Andrzej Adam Filip  
View profile  
 More options Jul 14 2009, 11:31 am
Newsgroups: comp.mail.sendmail
From: Andrzej Adam Filip <Andrzej.Fi...@gmail.com>
Date: Tue, 14 Jul 2009 17:31:12 +0200
Local: Tues, Jul 14 2009 11:31 am
Subject: Weaker DNSBL for "near by" countries [Was: How to make new FEATURE from my ruleset?]
Print | Individual message | Show original | Report this message | Find messages by this author

Sciurus <sciu...@mail.ru> wrote:
> I use 3 dnsbl and have a lot of false positives with nets of my
> region.
> Yes, nets that are listed with CONNECT tag in the access map are
> skipped by the dnsbl checks.
> I need to skip all regional class C nets. It takes up about 700
> records.
> Using of  "CONNECT:domain.ru   OK" is impossible due to lack of closed
> PTR-A lookup.
> [...]

Have you considered using a tool to "skip remaining" tests for hosts in
a few near by/friendly countries based e.g. on zz.countries.nerd.dk?
( zz.countries.nerd.dk : IP to country mapping also available via rsync)

* tests for all hosts
  [ basic tests ]
* skip remaining tests for hosts in Russia
* additional tests for hosts outside Russia
* skip remaining tests for hosts outside a few "very bad countries"
* additional tests for hosts in a few few "very bad countries"
  [ reject on almost any excuse ]

You can use something like FEATURE(`anfi/rsdnsbl') [RS=reputation skip]
available at  http://open-sendmail.sourceforge.net/
You may combine it with FEATURE(`anfi/require_rdns) - it allows variable
strength checks of RDNS [ require_rdns provided by sendmail.org does
checks always after all other dnsbl checks ]

P.S.
FEATURE(`anfi/rsdnsbl') and FEATURE(`anfi/require_rdns) require no
patching of sendmail sources. They require adding new files in
cf/feature directory and recompiling sendmail.mc.

--
[pl>en Andrew] Andrzej Adam Filip : a...@onet.eu : Andrzej.Fi...@gmail.com
Open-Sendmail: http://open-sendmail.sourceforge.net/
The first Rotarian was the first man to call John the Baptist "Jack."
  -- H. L. Mencken


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Sciurus  
View profile  
 More options Jul 15 2009, 8:27 am
Newsgroups: comp.mail.sendmail
From: Sciurus <sciu...@mail.ru>
Date: Wed, 15 Jul 2009 05:27:11 -0700 (PDT)
Local: Wed, Jul 15 2009 8:27 am
Subject: Re: Weaker DNSBL for "near by" countries [Was: How to make new FEATURE from my ruleset?]
Print | Individual message | Show original | Report this message | Find messages by this author
> Have you considered using a tool to "skip remaining" tests for hosts in
> a few near by/friendly countries based e.g. on zz.countries.nerd.dk?
> ( zz.countries.nerd.dk : IP to country mapping also available via rsync)

Thank you for interesting info. I didn't know about this resource.
But my task is not to skip checking for all hosts in Russia. I say
only about nets in my region.

> You can use something like FEATURE(`anfi/rsdnsbl') [RS=reputation skip]
> available at  http://open-sendmail.sourceforge.net/
> You may combine it with FEATURE(`anfi/require_rdns) - it allows variable
> strength checks of RDNS [ require_rdns provided by sendmail.org does
> checks always after all other dnsbl checks ]

Yes, I know about this feature.

But my question is the same as before: where is feature's creating
described?
I often write my own rulesets but cannot write them as a FEATURE.


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
jmai...@ttec.com  
View profile  
 More options Jul 15 2009, 1:51 pm
Newsgroups: comp.mail.sendmail
From: jmai...@ttec.com
Date: Wed, 15 Jul 2009 10:51:17 -0700 (PDT)
Local: Wed, Jul 15 2009 1:51 pm
Subject: Re: Weaker DNSBL for "near by" countries [Was: How to make new FEATURE from my ruleset?]
Print | Individual message | Show original | Report this message | Find messages by this author
On Jul 15, 8:27 am, Sciurus <sciu...@mail.ru> wrote:

LOCAL_CONFIG

LOCAL_RULESETS

the rest you have to patch proto.m4 which actually works fairly well.

the features usually just turn on some m4 defs.

Otherwise you will be using divert


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Discussion subject changed to "How to make new FEATURE from my ruleset?" by Andrzej Adam Filip
Andrzej Adam Filip  
View profile  
 More options Jul 15 2009, 5:29 pm
Newsgroups: comp.mail.sendmail
From: Andrzej Adam Filip <Andrzej.Fi...@gmail.com>
Date: Wed, 15 Jul 2009 23:29:03 +0200
Local: Wed, Jul 15 2009 5:29 pm
Subject: Re: How to make new FEATURE from my ruleset?
Print | Individual message | Show original | Report this message | Find messages by this author

Sciurus <sciu...@mail.ru> wrote:
> I use 3 dnsbl and have a lot of false positives with nets of my
> region.
> Yes, nets that are listed with CONNECT tag in the access map are
> skipped by the dnsbl checks.
> I need to skip all regional class C nets. It takes up about 700
> records.
> Using of  "CONNECT:domain.ru   OK" is impossible due to lack of closed
> PTR-A lookup.
> [...]

Why can not you use IP address based connect entries?
[ for */24, */16 and */8 nets possibly with cidprexpand preprocessing]

--
[pl>en Andrew] Andrzej Adam Filip : a...@onet.eu : Andrzej.Fi...@gmail.com
Progress is impossible without change, and those who cannot change their
minds cannot change anything.
  -- G. B. Shaw


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Discussion subject changed to "Weaker DNSBL for "near by" countries" by Andrzej Adam Filip
Andrzej Adam Filip  
View profile  
 More options Jul 15 2009, 5:33 pm
Newsgroups: comp.mail.sendmail
From: Andrzej Adam Filip <Andrzej.Fi...@gmail.com>
Date: Wed, 15 Jul 2009 23:33:54 +0200
Local: Wed, Jul 15 2009 5:33 pm
Subject: Re: Weaker DNSBL for "near by" countries
Print | Individual message | Show original | Report this message | Find messages by this author

Sciurus <sciu...@mail.ru> wrote:
>[...]
> But my question is the same as before: where is feature's creating
> described?

I do not know any such "tutorial".

I think sendmail.org in practice recommends:
Use the force, read/analyze the source.

> I often write my own rulesets but cannot write them as a FEATURE.

Can you "deliver them" *without* patching cf/m4/proto.m4?

I have written a few features/hacks and only one of them
[FEATURE(`mrs')] could not be "delivered" without patching
cf/m4/proto.m4.

--
[pl>en Andrew] Andrzej Adam Filip : a...@onet.eu : Andrzej.Fi...@gmail.com
Let us endeavor so to live that when we come to die even the undertaker will
be sorry.
  -- Mark Twain, "Pudd'nhead Wilson's Calendar"


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google