Hi list,
I came across an e-mail originating at a customer domain hosted in a
dedicated server provided by my company, whose outgoing relay and
incoming MX are the same, namely mx0.<domain>, and that Botnet in my
server tagged with:
BOTNET=5, BOTNET_CLIENT=0.01, BOTNET_IPINHOSTNAME=0.01
The only matching rule seems to be coming from botnet_ipinhostname().
Reverse DNS is OK.
Could somebody tell what could have triggered the rule? If the 0 (zero)
in the mx0 hostname, or the fact that they use the same server for
incoming or outgoing relay? Or maybe anything else I should look at?
Thank you,
/Carlos
John Rudd wrote:
René Berber wrote:
John Rudd wrote:
[snip]
It can be downloaded from:
http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar
As usual, feedback, statistics, bug reports, feature suggestions, are
all welcome.
[snip]
Botnet 0.6 causes a timeout while MA is running SA on a DSN message.
It looks to me like it's not being caused by a DSN message, it's that
the IP doesn't have a PTR record, and your mail server has rather slow
DNS. Do you have a caching DNS server on your mail server, by chance?