On Tue, 09 May 2017 09:10:37 -0500 Chris wrote:
> Last night I changed the Botnet score to 1.0 and restarted SA however > I see above that it still gave it a '5'. > > describe BOTNET Relay might be a spambot > or virusbot > header BOTNET eval:botnet() > score BOTNET 1.0 Maybe you have this score set in more than one place. > I also added this line to the Botnet.cf > (botnet_pass_domains mailer190173.service.govdelivery\.com) I don't know why this wouldn't work, if that was the actual rDNS, but you probably want something more general like: botnet_pass_domains service\.govdelivery\.com
