On Thursday 28 January 2010 14:40:56 Graham Murray wrote:
> Since upgrading to SA 3.3.0, botnet (version 0.8) is showing a false
> positive on every email I receive via IPv6.

Has anyone contacted the author?

A sample header field:

Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35])
	by mail.ijs.si (Postfix) with ESMTP
	for <x...@xxx>; Fri, 29 Jan 2010 12:01:43 +0100 (CET)

And the associated logging:

dbg: config: read file /etc/mail/spamassassin/Botnet.cf
dbg: config: fixed relative path: /etc/mail/spamassassin/Botnet.pm
dbg: plugin: loading Mail::SpamAssassin::Plugin::Botnet from /etc/mail/spamassassin/Botnet.pm
dbg: Botnet: version 0.8
dbg: plugin: Mail::SpamAssassin::Plugin::Botnet=HASH(0x452a79f0) implements 'parse_config', priority 0
dbg: Botnet: setting botnet_pass_auth to 0
dbg: Botnet: setting botnet_pass_trusted to public
dbg: Botnet: adding ^127\.0\.0\.1$ to botnet_skip_ip
dbg: Botnet: adding ^10\..*$ to botnet_skip_ip
dbg: Botnet: adding ^172\.1[6789]\..*$ to botnet_skip_ip
dbg: Botnet: adding ^172\.2[0-9]\..*$ to botnet_skip_ip
dbg: Botnet: adding ^172\.3[01]\..*$ to botnet_skip_ip
dbg: Botnet: adding ^192\.168\..*$ to botnet_skip_ip
dbg: Botnet: adding ^128\.223\.98\.16$ to botnet_pass_ip
dbg: Botnet: adding (\.|\A)amazon\.com$ to botnet_pass_domains
dbg: Botnet: adding (\.|\A)apple\.com$ to botnet_pass_domains
dbg: Botnet: adding (\.|\A)ebay\.com$ to botnet_pass_domains
dbg: Botnet: adding (\b|\d).*dsl.*(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)cable(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)catv(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)ddns(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)dhcp(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)dial(-?up)?(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)dip(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)docsis(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)dyn(amic)?(ip)?(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)modem(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)ppp(oe)?(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)res(net|ident(ial)?)?(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)bredband(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)client(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)fixed(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)ip(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)pool(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)static(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)user(\b|\d) to botnet_clientwords
dbg: Botnet: adding (\b|\d)e?mail(out)?(\b|\d) to botnet_serverwords
dbg: Botnet: adding (\b|\d)mta(\b|\d) to botnet_serverwords
dbg: Botnet: adding (\b|\d)mx(pool)?(\b|\d) to botnet_serverwords
dbg: Botnet: adding (\b|\d)relay(\b|\d) to botnet_serverwords
dbg: Botnet: adding (\b|\d)smtp(\b|\d) to botnet_serverwords
dbg: Botnet: adding (\b|\d)exch(ange)?(\b|\d) to botnet_serverwords
dbg: Botnet: starting
dbg: Botnet: public trusted relays not found
dbg: Botnet: get_relay good RDNS
dbg: Botnet: IP is '2001:4f8:fff6::35'
dbg: Botnet: RDNS is 'mx2.freebsd.org'
dbg: Botnet: HELO is 'mx2.freebsd.org'
dbg: Botnet: sender 'owner-freebsd-curr...@freebsd.org'
warn: Argument "2001:4f8:fff6::35" isn't numeric in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 772.
warn: Use of uninitialized value $b in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 772.
warn: Use of uninitialized value $c in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 772.
warn: Use of uninitialized value $d in addition (+) at /etc/mail/spamassassin/Botnet.pm line 772.
warn: Argument "2001:4f8:fff6::35" isn't numeric in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 774.
warn: Use of uninitialized value $b in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 774.
warn: Use of uninitialized value $c in addition (+) at /etc/mail/spamassassin/Botnet.pm line 774.
warn: Use of uninitialized value $b in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 775.
warn: Use of uninitialized value $c in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 775.
warn: Use of uninitialized value $d in addition (+) at /etc/mail/spamassassin/Botnet.pm line 775.
warn: Argument "2001:4f8:fff6::35" isn't numeric in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 776.
warn: Use of uninitialized value $b in addition (+) at /etc/mail/spamassassin/Botnet.pm line 776.
warn: Use of uninitialized value $b in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 777.
warn: Use of uninitialized value $c in addition (+) at /etc/mail/spamassassin/Botnet.pm line 777.
warn: Use of uninitialized value $c in multiplication (*) at /etc/mail/spamassassin/Botnet.pm line 778.
warn: Use of uninitialized value $d in addition (+) at /etc/mail/spamassassin/Botnet.pm line 778.
warn: Argument "2001:4f8:fff6::35" isn't numeric in sprintf at /etc/mail/spamassassin/Botnet.pm line 783.
warn: Use of uninitialized value $b in sprintf at /etc/mail/spamassassin/Botnet.pm line 784.
warn: Use of uninitialized value $c in sprintf at /etc/mail/spamassassin/Botnet.pm line 785.
warn: Use of uninitialized value $d in sprintf at /etc/mail/spamassassin/Botnet.pm line 786.
warn: Use of uninitialized value $b in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $b in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $c in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $c in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $d in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $d in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $c in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $c in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $b in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
warn: Use of uninitialized value $b in concatenation (.) or string at /etc/mail/spamassassin/Botnet.pm line 795.
dbg: Botnet: hit (baddns)
dbg: rules: ran eval rule BOTNET ======> got hit (1)
dbg: check: tests=AWL,BAYES_20,BOTNET,BOTNET_OTHER,CRM114_CHECK,DCC_CHECK,DKIM_SIGNED,RP_MATCHES_RCVD,SPF_PASS,T_DKIM_INVALID,T_DNSBL_INDIRECT_UNSAFE,T_DNSBL_INDIRECT_UNSAFE_2,T_RP_MATCHES_RCVD,VIA_ML

 0.1 BOTNET   Relay might be a spambot or virusbot
              [botnet0.8,ip=2001:4f8:fff6::35,rdns=mx2.freebsd.org,maildomain=freebsd.org,baddns]

  Mark
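
The warnings in the log above show four-field dotted-quad arithmetic being applied to an IPv6 literal. The Perl below is an added example, not code from Botnet.pm or from the post: it puts an assumed IPv4-only conversion of that shape next to a guarded one that classifies the address family first. All sub names are hypothetical, and apart from the address taken from the log the sample addresses are constructed.

```perl
#!/usr/bin/perl
# Added example; not taken from Botnet.pm. All sub names are hypothetical.
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Assumed shape of the IPv4-only code behind the warnings: split on dots and
# combine four octets. For "2001:4f8:fff6::35" the first field is the whole
# string and the other three are undef, so the result is meaningless.
sub naive_ipv4_to_int {
    my ($ip) = @_;
    my ($o1, $o2, $o3, $o4) = split /\./, $ip;
    no warnings qw(numeric uninitialized);    # the warnings seen in the log
    return $o1 * 256**3 + $o2 * 256**2 + $o3 * 256 + $o4;
}

# Classify the relay address before doing any dotted-quad arithmetic.
sub address_family {
    my ($ip) = @_;
    $ip =~ s/^IPv6://i;                        # Received: uses [IPv6:...]
    return 'ipv4' if defined inet_pton(AF_INET,  $ip);
    return 'ipv6' if defined inet_pton(AF_INET6, $ip);
    return 'invalid';
}

# Guarded conversion: returns undef unless the address really is IPv4, so a
# caller can skip IPv4-specific tests instead of scoring on garbage.
sub ipv4_to_int {
    my ($ip) = @_;
    return undef unless address_family($ip) eq 'ipv4';
    return unpack 'N', inet_pton(AF_INET, $ip);
}

# Constructed sample relay addresses (the IPv6 one is from the log above).
for my $ip ('192.0.2.25', 'IPv6:2001:4f8:fff6::35', '2001:4f8:fff6::35', '999.1.1.1') {
    my $n = ipv4_to_int($ip);
    printf "%-24s family=%-7s naive=%-12s guarded=%s\n",
        $ip, address_family($ip), naive_ipv4_to_int($ip),
        defined $n ? $n : 'skip IPv4 checks';
}
```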