LRED - Luno's Regular Expressions of Dynamic addresses


LRED is a regularly updated list of Perl-Compatible Regular Expressions (PCRE) that match a large number of domain name patterns assigned to dynamic addresses. If a host matches one of these patterns, it is likely to be a dynamic host, whether on cable, dialup or DSL.

Dynamic hosts are often infected with worms or trojans, then used as spam relays. This list can help you reject mail from these systems. I recommend using the LRED list in addition to DNS-based RBLs, as it offers an additional layer of protection against spam. This combined technique has been very effective in reducing the amount of spam received from these so-called "zombie mailers".

How it works:
1. Your Mail Transfer Agent (MTA: Postfix, Exim, Sendmail, etc.) receives an incoming connection from a "client" machine.
2. The MTA does a reverse DNS lookup on the client's IP address to find a name.
3. If the DNS lookup fails (no name for that IP), the MTA should be configured to provide a soft (4xx) error to the client. This prevents throwing away valid incoming mail during a DNS outage.
4. The name provided by the DNS lookup is checked against the LRED list, rejecting the connection if there is a match.
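
The sketch below is an added example, not part of the LRED distribution: it dry-runs steps 2 to 4 offline so you can see which client names a pattern file would defer, reject or accept before it goes into the MTA. The three rules and the reverse-DNS results are constructed for illustration and are not LRED entries; Python's `re` module stands in for PCRE, so PCRE-only syntax may not compile, and only plain `/regex/flags action` lines are handled.

```python
import re

# Constructed sample rules in Postfix pcre_table syntax. They are NOT LRED
# entries; they only imitate the kind of hostname pattern the list targets.
SAMPLE_RULES = r"""
# static-looking names first: the first matching rule wins
/^(mail|smtp|mx)\d*\./                              OK
/^(dsl|cable|dialup|ppp)[-.]?\d+[-.]/               REJECT dynamic-looking client name
/\d+[-.]\d+[-.]\d+[-.]\d+\.(dyn|dynamic|pool)\./    REJECT dynamic address pool
"""

# '/regex/flags action', allowing backslash-escaped slashes inside the regex.
RULE_LINE = re.compile(r"/((?:\\.|[^/\\])*)/([a-zA-Z]*)\s+(.+)$")

def parse_rules(text):
    """Parse '/regex/flags action' lines, skipping blanks and # comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_LINE.match(line)
        if m is None:
            raise ValueError(f"unparsable rule: {line!r}")
        pattern, flags, action = m.groups()
        # Postfix pcre tables match case-insensitively unless 'i' toggles it off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action.strip()))
    return rules

def decide(client_name, rules):
    """Steps 3 and 4: soft-fail on a missing name, else first matching rule wins."""
    if client_name is None:
        return ("defer", "4xx: no reverse DNS name for client")
    for regex, action in rules:
        if regex.search(client_name):
            verdict = "reject" if action.upper().startswith("REJECT") else "accept"
            return (verdict, action)
    return ("accept", "no rule matched")

if __name__ == "__main__":
    # Constructed reverse-DNS results (step 2), keyed by documentation-range IPs.
    ptr = {"192.0.2.10": "dsl-203-0-113-7.example.net",
           "192.0.2.11": "host-192-0-2-44.pool.example.com",
           "198.51.100.5": "mail2.example.org",
           "203.0.113.9": None}
    rules = parse_rules(SAMPLE_RULES)
    for ip, name in ptr.items():
        print(ip, name, *decide(name, rules))
```

Feeding it client names pulled from your own mail logs shows which legitimate senders a pattern would catch, which is the check to make before rejecting on a match.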

This list is intended for use with any PCRE-compatible filter (or module) for a mail transfer agent, such as Postfix, Exim or Sendmail. It is tested with Postfix on Debian GNU/Linux.

For Postfix, this file can be installed as /etc/postfix/access.client. For other mailers, see your MTA documentation.

The LRED list is the product of over 2 years of research and analysis of over 20,000 spam messages. If you have a large spam corpus of your own (1000 or more messages, confirmed as spam) that you wish to contribute to the research, please submit a feature request. The first "Received:" line of each message must contain a host with a dynamic IP. Please do not submit messages with sources that already match the LRED list or sources that are open relays with static IP addresses.

Releases

Official releases    Date           Size
2007.02.14.0         2007-Feb-14    9.24 KB
