Actually, I have them set correctly. I receive email straight from the internet and most mail do not go thru internal forwarders. I have no trusted machines outside of my department as many machines outside the department is not under my control and a few of them is known to have generated spam and became botnet. Putting these forwarders as trusted in spamassassin is not a good idea. Skipping them for botnet checking makes more sense as it will make botnet checking more accurate.
The issue is started as some other departmental servers stopped checking spam for internally forwarded email to reduce their load and some of my users forward their email from other departmental servers. Hanz Daryl C. W. O'Shea wrote: > > hanz wrote: >> Thanks for the explanation and quick replies from everyone. I was >> definitely >> wrong in my assumption on how botnet works. >> >> I think I understand the issue now and my problem can easily be fixed by >> skipping the IPs or my internal forwarders. >> >> That is adding the following to botnet.cf fixed it. >> >> botnet_skip_ip ^128\.6\.72\.254$ >> botnet_skip_ip ^128\.6\.72\.72$ >> botnet_skip_ip ^128\.6\.31\.85$ >> botnet_skip_ip ^128\.6\.31\.86$ > > It sounds like you haven't configured SpamAssassin for use on your > network if the above config is necessary to make the Botnet plugin work > (assuming the Botnet plugin DTRT in regards to what IPs it checks). > > You should have the IPs of your internal forwarders included in your > trusted and internal network of your SpamAssassin config, along with any > other appropriate IPs. > > > Daryl > > > > -- View this message in context: http://www.nabble.com/Botnet-0.8-Plugin-is-available-%28FINALLY%21%21%21%29-tf4221965.html#a12997150 Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
