Hm.  I don't see anything wrong with that domain.  I'll look into it.


Carlos Horowicz wrote:
Hi John,

the IP address is 64.76.24.252 and the domain is comintec.net, Botnet version is 0.6 under SA 3.1.7

Thanks,

-Carlos


John Rudd wrote:


I would have to know the IP address of the relay in order to give a meaningful answer. Just the 0 shouldn't have been enough. Though, if one of the octets is 0, and you're using an older version of botnet, it might have matched that one octet twice. That's a bug I'm pretty sure I fixed in 0.6.



Carlos Horowicz wrote:

Hi list,

I came across an e-mail originating at a customer domain hosted in a dedicated server provided by my company, whose outgoing relay and incoming MX are the same, namely mx0.<domain>, and that Botnet in my server tagged with:

BOTNET=5,     BOTNET_CLIENT=0.01, BOTNET_IPINHOSTNAME=0.01

The only matching rule seems to be coming from botnet_ipinhostname()

Reverse DNS is OK.

Could somebody tell what could have triggered the rule? If the 0 (zero) in the mx0 hostname, or the fact that they use the same server for incoming and outgoing relay? Or maybe anything else I should look at?

Thank you,

/Carlos


John Rudd wrote:

René Berber wrote:

John Rudd wrote:
[snip]

It can be downloaded from:

 http://people.ucsc.edu/~jrudd/spamassassin/Botnet.tar

As usual, feedback, statistics, bug reports, feature suggestions, are
all welcome.


[snip]

Botnet 0.6 causes a timeout while MA is running SA on a DSN message.


It looks to me like it's not being caused by a DSN message, it's that the IP doesn't have a PTR record, and your mail server has rather slow DNS. Do you have a caching DNS server on your mail server, by chance?
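The octet-in-hostname heuristic behind BOTNET_IPINHOSTNAME, and the "one zero octet matched twice" bug described earlier in the thread, as an added illustration that is not part of this thread and not the Botnet plugin's own Perl code. It is a small Python reconstruction: the naive counter searches each octet independently, so the two zero octets of a constructed address like 10.0.0.5 can both hit the single "0" in "mx0", while the corrected counter consumes each matched run of digits so it can satisfy only one octet. The threshold of two matched octets, the greedy left-to-right matching, and the hostnames (example.net) are assumptions made for the example, not the plugin's actual rules.

```python
# Illustrative reconstruction of an "IP octets appear in the hostname" check.
# Not the Botnet plugin's code; thresholds and matching rules are assumptions.

# Assumption: flag the hostname once at least this many octets are found in it.
MIN_OCTET_HITS = 2


def _octets(ip):
    """Split a dotted-quad IPv4 address into its four decimal octet strings."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    return parts


def octet_hits_naive(ip, hostname):
    """Count octets whose decimal form appears anywhere in the hostname.

    Each octet is searched on its own, so two equal octets (the two zeros in
    10.0.0.5) can both 'match' the single '0' of 'mx0'. This reproduces the
    double-count behaviour attributed to older Botnet versions (hypothetical).
    """
    host = hostname.lower()
    return sum(1 for octet in _octets(ip) if octet in host)


def octet_hits_distinct(ip, hostname):
    """Count octets found in the hostname, consuming each matched digit run.

    Once a run of characters has satisfied one octet it is blanked out, so the
    same digits cannot be counted again for a second, equal octet.
    """
    host = hostname.lower()
    hits = 0
    for octet in _octets(ip):
        if octet in host:
            hits += 1
            # consume only the first occurrence so it cannot be reused
            host = host.replace(octet, "#" * len(octet), 1)
    return hits


def ip_in_hostname(ip, hostname, buggy=False):
    """True when the relay's hostname looks like it embeds its own IP address."""
    counter = octet_hits_naive if buggy else octet_hits_distinct
    return counter(ip, hostname) >= MIN_OCTET_HITS


if __name__ == "__main__":
    # Constructed sample relays: the thread's mx0-style host, a private address
    # that exposes the double count, and a genuinely IP-derived DSL hostname.
    samples = [
        ("64.76.24.252", "mx0.example.net"),
        ("10.0.0.5", "mx0.example.net"),
        ("203.0.113.7", "203-0-113-7.dsl.example.net"),
    ]
    for ip, host in samples:
        print(f"{ip:>15} {host:<32} naive={octet_hits_naive(ip, host)} "
              f"distinct={octet_hits_distinct(ip, host)} "
              f"flag(buggy)={ip_in_hostname(ip, host, buggy=True)} "
              f"flag(fixed)={ip_in_hostname(ip, host)}")
```

Running it shows that 64.76.24.252 with an mx0 hostname is not flagged by either version (none of its octets occur in the name), that 10.0.0.5 is flagged only by the naive counter, and that a hostname which really spells out its address is flagged by both. The distinct counter is greedy and left-to-right, so it can undercount when octets overlap inside one digit run; that errs toward fewer false positives, which is the safer side for a scoring rule.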
