John is absolutely correct here. Just be careful to ensure proper checking of the 2nd octect of the 172.x.x.x space, and ensure that it is in the 16-31 range. Otherwise you will be bypassing a very large chunk of AOL.com address space without checks.
-----Original Message----- From: John D. Hardin [mailto:[EMAIL PROTECTED] Sent: Thursday, January 04, 2007 5:49 PM To: John Rudd Cc: Jens Schleusener; Dimitri Yioulos; users@spamassassin.apache.org Subject: Re: Botnet-0.7 not working On Thu, 4 Jan 2007, John Rudd wrote: > > is the causer since the test server receives the mails from a mail > > relay that uses a private 172.x.x.x address. Debug extract with the > > default configuration: > > Is that a typo? Did you mean 127.x.x.x? Nope. 172.[16-31].x.x are reserved for uncoordinated private use the same way 10.x.x.x and 192.168.x.x are. See http://www.faqs.org/rfcs/rfc1918.html botnet should probably be ignoring them completely, just like is does 127.x.x.x -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ [EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED] key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Windows Vista: Windows ME for the XP generation. ----------------------------------------------------------------------- 13 days until Benjamin Franklin's 301st Birthday
