Hi,

>> > I seem to remember a botnet plugin from about 2010, but didn't think
>> > it was maintained or worked properly anymore?
>>
>> That very same. Seems to work fine, so I have not disabled it.
>
> It works for me too, but I don't have any IPv6.
>
> IIRC at one time it FP'ed on IPv6, and I'm not sure if this was fixed.

I knew there was a reason I disabled it:

 *  0.01 BOTNET Relay might be a spambot or virusbot
 *      [botnet0.9,ip=72.166.183.235,rdns=p1-183235.e.target.com,maildomain=e.target.com,client,ipinhostname]

I enabled them with a lower score, and it still catches a ton of good
mail that comes from poorly configured systems.

Maybe when this plugin was written it wasn't common to have an IP in a
mail server's hostname, but these days it is.

 *  0.01 BOTNET_IPINHOSTNAME Hostname contains its own IP address
 *      [botnet_ipinhosntame,ip=72.166.183.235,rdns=p1-183235.e.target.com]

There are dozens of other examples. Perhaps it would work in a meta
with a low score, but I think it needs more current development.

Thanks,
Alex
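
An added illustration (not part of the original message, and not the Botnet plugin's own code): a simplified Python approximation of an IP-in-hostname test, showing why the rDNS name quoted above matches even though it belongs to a bulk sender's mail host. The two-octet threshold, the decimal-only matching and the `example.*` hosts are assumptions made for this sketch.

```python
import ipaddress

def embedded_octets(ip: str, rdns: str) -> int:
    """Count IPv4 octets of `ip` that appear, without overlap, in the rDNS name."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return 0  # IPv6 is out of scope for this sketch
    host = rdns.lower().rstrip(".")
    count = 0
    # Longest octets first, so "235" is not consumed as "23" or "5".
    for octet in sorted(str(addr).split("."), key=len, reverse=True):
        for form in (octet.zfill(3), octet):  # zero-padded, then plain decimal
            pos = host.find(form)
            if pos != -1:
                # Mask the match so one substring cannot satisfy two octets.
                host = host[:pos] + "#" * len(form) + host[pos + len(form):]
                count += 1
                break
    return count

def ip_in_hostname(ip: str, rdns: str, min_octets: int = 2) -> bool:
    """Assumed threshold: two or more octets embedded in the name is a hit."""
    return embedded_octets(ip, rdns) >= min_octets

# First pair is taken from the report above; the rest are constructed samples.
SAMPLES = [
    ("72.166.183.235", "p1-183235.e.target.com"),       # from the message
    ("192.0.2.25", "host-192-0-2-25.dyn.example.net"),  # constructed, dynamic-style
    ("192.0.2.25", "mail.example.org"),                 # constructed, named MTA
    ("10.0.0.1", "mail1.example.com"),                  # constructed, one digit only
]

def evaluate(samples=SAMPLES):
    """Return {rdns: (octets_found, hit)} for each (ip, rdns) pair."""
    return {rdns: (embedded_octets(ip, rdns), ip_in_hostname(ip, rdns))
            for ip, rdns in samples}

if __name__ == "__main__":
    for rdns, (found, hit) in evaluate().items():
        print(f"{rdns:35} octets={found} hit={hit}")
```

The bulk-mail host and the dynamic-style name both trip the test, so a check of this kind cannot by itself separate the two.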
