Ran the same on my installation and all appears the same to me. Hmmmm, very odd, do you have a email in your quarantine that got tagged before which you could pass through again to test ?
[EMAIL PROTECTED] ~]# spamassassin --lint -D 2>&1 | grep -i botnet [26067] dbg: config: read file /etc/mail/spamassassin/Botnet.cf [26067] dbg: config: fixed relative path: /etc/mail/spamassassin/Botnet.pm [26067] dbg: plugin: loading Mail::SpamAssassin::Plugin::Botnet from /etc/mail/spamassassin/Botnet.pm [26067] dbg: Botnet: version 0.8 [26067] dbg: plugin: Mail::SpamAssassin::Plugin::Botnet=HASH(0x212a2ca0) implements 'parse_config', priority 0 [26067] dbg: Botnet: setting botnet_pass_auth to 0 [26067] dbg: Botnet: setting botnet_pass_trusted to public [26067] dbg: Botnet: adding ^127\.0\.0\.1$ to botnet_skip_ip [26067] dbg: Botnet: adding ^10\..*$ to botnet_skip_ip [26067] dbg: Botnet: adding ^172\.1[6789]\..*$ to botnet_skip_ip [26067] dbg: Botnet: adding ^172\.2[0-9]\..*$ to botnet_skip_ip [26067] dbg: Botnet: adding ^172\.3[01]\..*$ to botnet_skip_ip [26067] dbg: Botnet: adding ^192\.168\..*$ to botnet_skip_ip [26067] dbg: Botnet: adding ^128\.223\.98\.16$ to botnet_pass_ip [26067] dbg: Botnet: adding (\.|\A)amazon\.com$ to botnet_pass_domains [26067] dbg: Botnet: adding (\.|\A)apple\.com$ to botnet_pass_domains [26067] dbg: Botnet: adding (\.|\A)ebay\.com$ to botnet_pass_domains [26067] dbg: Botnet: adding (\b|\d).*dsl.*(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)cable(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)catv(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)ddns(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)dhcp(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)dial(-?up)?(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)dip(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)docsis(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)dyn(amic)?(ip)?(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)modem(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)ppp(oe)?(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)res(net|ident(ial)?)?(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)bredband(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)client(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)fixed(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)ip(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)pool(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)static(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)user(\b|\d) to botnet_clientwords [26067] dbg: Botnet: adding (\b|\d)e?mail(out)?(\b|\d) to botnet_serverwords [26067] dbg: Botnet: adding (\b|\d)mta(\b|\d) to botnet_serverwords [26067] dbg: Botnet: adding (\b|\d)mx(pool)?(\b|\d) to botnet_serverwords [26067] dbg: Botnet: adding (\b|\d)relay(\b|\d) to botnet_serverwords [26067] dbg: Botnet: adding (\b|\d)smtp(\b|\d) to botnet_serverwords [26067] dbg: Botnet: adding (\b|\d)exch(ange)?(\b|\d) to botnet_serverwords [26067] dbg: plugin: Mail::SpamAssassin::Plugin::Botnet=HASH(0x212a2ca0) implements 'parse_config', priority 0 [26067] dbg: rules: ran header rule __BOTNET_NOTRUST ======> got hit: "negative match" [26067] dbg: Botnet: starting [26067] dbg: Botnet: no trusted relays [26067] dbg: Botnet: All skipped/no untrusted [26067] dbg: Botnet: skipping [26067] dbg: check: subtests=__BOTNET_NOTRUST,__HAS_MSGID,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__TVD_BODY,__UNUSABLE_MSGID Regards, --[ UxBoD ]-- // PGP Key: "curl -s https://www.splatnix.net/uxbod.asc | gpg --import" // Fingerprint: C759 8F52 1D17 B3C5 5854 36BD 1FB1 B02F 5DB5 687B // Keyserver: www.keyserver.net Key-ID: 0x5DB5687B // Phone: +44 845 869 2749 SIP Phone: [EMAIL PROTECTED] ----- Original Message ----- From: "Arthur Dent" <[EMAIL PROTECTED]> To: users@spamassassin.apache.org Sent: 09 January 2008 15:15:32 o'clock (GMT) Europe/London Subject: Re: BOTNET 0.8 + SA 3.2.3 On Wed, Jan 09, 2008 at 11:27:59AM +0000, UxBoD wrote: > Do you see if get picked up if you run a lint on your SA installation ? How does this look to you? Thanks for your help so far... AD $ spamassassin --lint -D 2>&1 | grep -i botnet [26514] dbg: config: read file /etc/mail/spamassassin/Botnet.cf [26514] dbg: config: fixed relative path: /etc/mail/spamassassin/Botnet.pm [26514] dbg: plugin: loading Mail::SpamAssassin::Plugin::Botnet from /etc/mail/spamassassin/Botnet.pm [26514] dbg: Botnet: version 0.8 [26514] dbg: plugin: Mail::SpamAssassin::Plugin::Botnet=HASH(0xa202954) implements 'parse_config', priority 0 [26514] dbg: Botnet: setting botnet_pass_auth to 0 [26514] dbg: Botnet: setting botnet_pass_trusted to public [26514] dbg: Botnet: adding ^127\.0\.0\.1$ to botnet_skip_ip [26514] dbg: Botnet: adding ^10\..*$ to botnet_skip_ip [26514] dbg: Botnet: adding ^172\.1[6789]\..*$ to botnet_skip_ip [26514] dbg: Botnet: adding ^172\.2[0-9]\..*$ to botnet_skip_ip [26514] dbg: Botnet: adding ^172\.3[01]\..*$ to botnet_skip_ip [26514] dbg: Botnet: adding ^192\.168\..*$ to botnet_skip_ip [26514] dbg: Botnet: adding ^128\.223\.98\.16$ to botnet_pass_ip [26514] dbg: Botnet: adding (\.|\A)amazon\.com$ to botnet_pass_domains [26514] dbg: Botnet: adding (\.|\A)apple\.com$ to botnet_pass_domains [26514] dbg: Botnet: adding (\.|\A)ebay\.com$ to botnet_pass_domains [26514] dbg: Botnet: adding (\b|\d).*dsl.*(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)cable(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)catv(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)ddns(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)dhcp(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)dial(-?up)?(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)dip(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)docsis(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)dyn(amic)?(ip)?(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)modem(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)ppp(oe)?(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)res(net|ident(ial)?)?(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)bredband(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)client(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)fixed(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)ip(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)pool(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)static(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)user(\b|\d) to botnet_clientwords [26514] dbg: Botnet: adding (\b|\d)e?mail(out)?(\b|\d) to botnet_serverwords [26514] dbg: Botnet: adding (\b|\d)mta(\b|\d) to botnet_serverwords [26514] dbg: Botnet: adding (\b|\d)mx(pool)?(\b|\d) to botnet_serverwords [26514] dbg: Botnet: adding (\b|\d)relay(\b|\d) to botnet_serverwords [26514] dbg: Botnet: adding (\b|\d)smtp(\b|\d) to botnet_serverwords [26514] dbg: Botnet: adding (\b|\d)exch(ange)?(\b|\d) to botnet_serverwords [26514] dbg: rules: ran header rule __BOTNET_NOTRUST ======> got hit: "negative match" [26514] dbg: Botnet: starting [26514] dbg: Botnet: no trusted relays [26514] dbg: Botnet: All skipped/no untrusted [26514] dbg: Botnet: skipping [26514] dbg: check: subtests=__BOTNET_NOTRUST,__HAS_MSGID,__HAVE_BOUNCE_RELAYS,__MISSING_REF,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__MSOE_MID_WRONG_CASE,__NONEMPTY_BODY,__SANE_MSGID,__TVD_BODY,__UNUSABLE_MSGID $ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
