Duncan Hill wrote:
On Monday 11 December 2006 16:16, John Rudd wrote:
Duncan Hill wrote:
I just finished a very quick test of the Botnet tool, and the sheer
number of FPs against eBy mail coming from eBay's servers was staggering
- literally every single mail from eBay. It also, for my testing, hit on
a lot of legitimate ham - mostly with BADDNS. I'll run another test
later, but I've got to move on to other things now.
The botnet_pass_domain entry for ebay, in the default Botnet.cf file,
didn't exempt ebay messages from the Botnet rules?
No, they send mail from servers that reverse to emailebay.com.
You sure about that? email I get from ebay has hostnames like:
mxpool22.ebay.com
which is covered by the botnet_pass_domain entry for ebay.
(before I added word boundary checking, the serverword for "mx" would
have covered it too)
I haven't seen anything from emailebay.com
Further, the IP address that is resolved by emailebay.com doesn't appear
to be allocated to ebay. It's allocated to savvis.net. The
registration information is _completely_ different from what ebay.com's
IP address registration says.
I'm _highly_ skeptical that emailebay.com has anything to do with ebay.com.
