...I wonder how to deal with the cases where there is a legitimate internal mailserver behind dialup-IPs. There are quite a few small companies that have a small home office network behind a dialup DSL and run an internal mailserver which relays external mail to the mailserver of their provider which then delivers to the destination.
That seems perfectly okay to me and very distinct from the botnet case where mails from dialup-IPs are sent _directly_ to the destination MX. But the BOTNET rules don't differentiate these two cases. How do you think this should be dealt with? How do YOU deal with it? I'd really hate to lower the BOTNET scores but otoh if it hits legit mailservers too....?

Thanks,
Andy.

PS: Shouldn't the BOTNET_SOHO rule avoid a high BOTNET score in these cases? Or do I have to set the score for BOTNET_SOHO manually???

--
Warning: This email, when printed on paper, has sharp edges. Handle with care or serious injury may result.