René Berber wrote:
Bret Miller wrote:

I keep saying that I have false positives with botnet, but haven't
substantiated that to date. So, today I'm spending a little time making
exceptions since I would like this to work. Here are today's:
[snip]

meridiencancun.com.mx, sent from IP , resolves to
customer-148-233-9-212.uninet-ide.com.mx #more stupidity

Here's a good example of why Botnet's default score is too high, those guys at
meridiencancun have a so called "Enterprise account" with their ISP, what they
get is a fixed IP and no control over reverse DNS, that's why the reverse
returns what the ISP configured.  Best practices and other fiction don't apply
to the real world in cases like this.

As for "best practices" being "fiction" that "doesn't apply to the real world" ... it's rinky-dink mail servers run by people with half-assed opinions like that that cause there to be such a huge number of exploited mail servers on the planet.

People who think "best practices" are "fiction" are the scourge that makes the internet such an unreliable place.

Here kid, have a nickel.  Go buy yourself a real mail server.


Yes it can be called stupidity, but in this case it is the ISP and the legitimate
business can't do much about it; very few ISPs in the .mx zone allow you any
control over reverse DNS, perhaps none in the region that hotel operates.

And if they had done something intelligent, like having their mail domain (meridiencancun.com.mx) have an A record that points to that same static IP address ... or have an MX record that points back to a hostname with that static IP address, then Botnet wouldn't catch them.

The only fiction here is that they need to have control of their rDNS in order to get an exemption from Botnet.
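
The forward-DNS check described in the last reply above, as an added example that is not part of the original thread and is not the Botnet plugin's own code. The domain names, addresses and the `lookup` callable are constructed for illustration; a real deployment would pass a resolver-backed lookup instead.

```python
import ipaddress

# Constructed DNS data (documentation names and addresses), keyed by (name, type).
ZONE = {
    # Case 1: the mail domain's own A record is the sending IP.
    ("hotel-a.example", "A"): ["192.0.2.10"],
    # Case 2: A record points at a web host, but the MX host is the sending IP.
    ("hotel-b.example", "A"): ["198.51.100.5"],
    ("hotel-b.example", "MX"): ["10 mail.hotel-b.example."],
    ("mail.hotel-b.example", "A"): ["192.0.2.20"],
    # Case 3: neither A nor MX leads back to the sending IP.
    ("hotel-c.example", "MX"): ["10 mx.isp.example."],
    ("mx.isp.example", "A"): ["203.0.113.7"],
}

def zone_lookup(name, rtype):
    """Hypothetical offline resolver: returns record strings or an empty list."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])

def _same_ip(a, b):
    # Compare parsed addresses so textual variants of one IP still match.
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def forward_dns_match(mail_domain, relay_ip, lookup=zone_lookup):
    """Return 'A' or 'MX' if the sender's domain points back at relay_ip, else None.

    No control over the relay's reverse DNS is needed: only records in the
    sender's own zone are consulted.
    """
    if any(_same_ip(ip, relay_ip) for ip in lookup(mail_domain, "A")):
        return "A"
    # Walk MX records in preference order and resolve each exchanger.
    mx = sorted(lookup(mail_domain, "MX"), key=lambda r: int(r.split()[0]))
    for record in mx:
        host = record.split()[1]
        if any(_same_ip(ip, relay_ip) for ip in lookup(host, "A")):
            return "MX"
    return None

if __name__ == "__main__":
    for dom, ip in [("hotel-a.example", "192.0.2.10"),
                    ("hotel-b.example", "192.0.2.20"),
                    ("hotel-c.example", "192.0.2.30")]:
        print(dom, ip, forward_dns_match(dom, ip))
```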
