Those work, but:
a) you should look at the Botnet plugin. I just posted an announcement
about it this morning. I renamed "RelayChecker" to Botnet a few weeks
ago. I've done at least one code update since then.
b) if you stick with the one you've got, remove the line that has
"128\.114\.125" in it. That's my mail server block. You don't really
need to have that in your config.
Noc Phibee wrote:
Hi,
this is my RelayChecker config:
# load the plugin
loadplugin RelayChecker RelayChecker.pm
# configuration settings
relaychecker_pass_auth 0
relaychecker_reduced_dns 0
relaychecker_skip_ip ^127\.0\.0\.1$
relaychecker_skip_ip ^128\.114\.125\..*$
relaychecker_pass_ip ^10\.0\.0\..*$
relaychecker_keywords = cable catv ddns dhcp dial-?up dip dsl dynamic modem ppp
# slightly more controversial keywords
relaychecker_keywords = client fixed pool static user
# the Rules
describe RELAY_CHECKER Any RelayChecker rule hit
meta RELAY_CHECKER ((RELAY_CHECKER_KEYWORDS + RELAY_CHECKER_IPHOSTNAME + RELAY_CHECKER_BADDNS + RELAY_CHECKER_NORDNS) > 0)
score RELAY_CHECKER 6.0
describe RELAY_CHECKER_NORDNS No PTR record
header RELAY_CHECKER_NORDNS eval:relay_checker_nordns()
score RELAY_CHECKER_NORDNS 0.01
describe RELAY_CHECKER_BADDNS Doesn't have full circle DNS
header RELAY_CHECKER_BADDNS eval:relay_checker_baddns()
score RELAY_CHECKER_BADDNS 0.01
describe RELAY_CHECKER_IPHOSTNAME Hostname contains IP address
header RELAY_CHECKER_IPHOSTNAME eval:relay_checker_iphostname()
score RELAY_CHECKER_IPHOSTNAME 0.01
describe RELAY_CHECKER_KEYWORDS Hostname matches keywords
header RELAY_CHECKER_KEYWORDS eval:relay_checker_keywords()
score RELAY_CHECKER_KEYWORDS 0.01
I think it's the default install; are these values correct or small?
Thanks bye