On 22.3.2010 16:51, micah anderson wrote:
> On Wed, 17 Mar 2010 14:45:53 -0700, John Rudd <jr...@ucsc.edu> wrote:
>> Some people need to put in some alternate values for DNS timeouts, but
>> if you've got a local caching name server, you typically don't need
>> that.
>>
>> There aren't any actual bugs in it that I'm aware of, so I haven't
>> released a new version. As I see it, there isn't a need (and that is
>> a somewhat controversial statement with some of the more opinionated
>> people around here).
>>
>> I do still see some things that get nailed by it ... but there's lots
>> of those same hosts that get caught by the Spamhaus PBL. So, it kind
>> of depends on what you're doing with PBL and/or Zen, as to whether or
>> not you need Botnet. But, there are still plenty of things coming
>> from that class of hosts, so if you don't use one, I'd definitely
>> recommend using the other.
>
> Yeah, I've been having problems recently which I think are related to me
> using both Zen/PBL along with the Botnet plugin weighted to score level
> 5, even if I were to have it lower at 3 it would still be too much.
>
> Many users are complaining and when I finally get some useful messages
> with headers to analyze I am finding something like the following:
>
> X-Spam-Report:
> * 3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
> * [213.6.61.151 listed in zen.dnsbl]
> * 1.0 RCVD_IN_BRBL RBL: Received via relay listed in Barracuda RBL
> * [213.6.61.151 listed in b.barracudacentral.org]
> * 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
> * [213.6.61.151 listed in bb.barracudacentral.org]
> * 0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP
> address
> * [213.6.61.151 listed in dnsbl.sorbs.net]
> * 0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
> * 5.0 BOTNET Relay might be a spambot or virusbot
> *
> [botnet0.8,ip=213.6.61.151,rdns=a61-151.adsl.paltel.net,maildomain=palnet.com,client,ipinhostname,clientwords]
> * 1.0 RDNS_DYNAMIC Delivered to internal network by host with
> * dynamic-looking rDNS
>
> This brings it over the 8 threshold, although it is a legitimate email
> from a user who has unfortunately been saddled with a dynamic IP that
> previously was used by a spammer. No amount of explanation to these
> users about this is going to assuage their feelings, and there isn't
> really anything that can be done by them. They can complain to their ISP
> I guess, they could also find another ISP, but these are not
> particularly productive steps towards resolving this problem.
>
> I'm interested in other suggestions that I offer people as alternatives,
> but until then I think I may need to remove Botnet from the equation.
>
> micah

It looks like the sender has operated his own SMTP server and not used
his ISP as a smart host. That is bad practice; with a real server not a
single one of those rules would have triggered. Especially Botnet does not
have any knowledge about earlier spamming. Botnet does not care.

-- 
http://www.iki.fi/jarif/

Q: What is purple and concord the world?
A: Alexander the Grape.
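
Added example (not part of the thread, and not SpamAssassin's or the Botnet plugin's own code): a Python script that parses the X-Spam-Report quoted above and re-totals it with BOTNET at 5, 3 and 0 against the 8-point threshold mentioned in the message. Treating four of the hits as evidence of the same dynamic-address fact is this example's assumption, and the function names are hypothetical.

```python
import re

# X-Spam-Report body copied from the quoted message (wrapped lines rejoined).
REPORT = """\
* 3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
*      [213.6.61.151 listed in zen.dnsbl]
* 1.0 RCVD_IN_BRBL RBL: Received via relay listed in Barracuda RBL
*      [213.6.61.151 listed in b.barracudacentral.org]
* 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
*      [213.6.61.151 listed in bb.barracudacentral.org]
* 0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
*      [213.6.61.151 listed in dnsbl.sorbs.net]
* 0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
* 5.0 BOTNET Relay might be a spambot or virusbot
*      [botnet0.8,ip=213.6.61.151,rdns=a61-151.adsl.paltel.net,maildomain=palnet.com,client,ipinhostname,clientwords]
* 1.0 RDNS_DYNAMIC Delivered to internal network by host with
*      dynamic-looking rDNS
"""
THRESHOLD = 8.0  # the "8 threshold" mentioned in the message

# Assumption of this example: these hits all restate one fact, namely that
# the relay sits on an end-user/dynamic address range.
DYNAMIC_IP_RULES = {"RCVD_IN_PBL", "RCVD_IN_SORBS_DUL", "BOTNET", "RDNS_DYNAMIC"}

# A hit line is "* <score> <RULE_NAME> ..."; anything else is a continuation.
HIT = re.compile(r"^\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\b")

def parse_report(text):
    """Return {rule_name: score} for every hit line in the report."""
    hits = {}
    for line in text.splitlines():
        m = HIT.match(line.strip())
        if m:
            hits[m.group(2)] = float(m.group(1))
    return hits

def total(hits, overrides=None, only=None):
    """Sum scores, with optional what-if overrides and rule-name filter."""
    merged = {**hits, **(overrides or {})}
    return round(sum(s for r, s in merged.items() if only is None or r in only), 1)

if __name__ == "__main__":
    hits = parse_report(REPORT)
    for label, over in (("as scored", None), ("BOTNET=3", {"BOTNET": 3.0}),
                        ("BOTNET=0", {"BOTNET": 0.0})):
        t = total(hits, over)
        print(f"{label:10} total={t:5} spam={t >= THRESHOLD}")
    print("dynamic-address rules alone:", total(hits, only=DYNAMIC_IP_RULES))
```

As scored the message totals 12.5, and the four dynamic-address hits alone contribute 9.3 of that, which is already past the threshold before any content or SPF rule is counted.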