Erik Dasque wrote:
Once installed, how do I know it's working ?
If you take a message that came from a host with no reverse DNS, bad DNS
(if you're using sendmail, and it said "[may be forged]" in the received
header), or a machine that has any other "botnet like characteristics",
then you can do (in sh, ksh, or bash):
spamassassin -D < $msg 2>&1 | grep -i botnet
and look for any output.
Also, what's the perl file
for ? I only copied the pm & cf files to the sa plugin directory.
As I said in the release announcement, and in the original message in
this thread:
2) Botnet API -- want to include the Botnet.pm module in other Perl
code? Maybe call "check_botnet" from mimedefang-filter so you can block
before a message gets to SpamAssassin? I've made an API for it. The
routines that SA calls use this API, so it's the _exact_same_ code.
There's now an included perl program "Botnet.pl" which takes an IP
address CLI argument, and an optional main-domain CLI argument. It will
tell you which rules do and don't get triggered. It also serves as an
example of using the API. (you will still need to have SpamAssassin
installed in order to use Botnet.pm in this fashion, even if you're
using the API in a program that doesn't call SA)
The perl file (.pl file) is a program you can run, as follows:
Botnet.pl ip.add.re.ss mail.domain.tld
and will tell you what Botnet would do with that ip address and mail domain.
You _might_ need to adjust the include directories for the script,
depending on where you put it, where you put the .pm file, and where you
run it from.
For regular spam assassin use, you just need the .cf and .pm files.
Just like the install directions say.
Erik
On Dec 21, 2006, at 8:07 AM, John Rudd wrote:
Tim B. wrote:
John Rudd wrote:
out of curiosity, which release branches of SA is supported with this
plugin? the 3.1.x & 3.0.x or just the 3.1.x?
I've only tried it on 3.1.7.
