On 5/12/07, Matthias Haegele <[EMAIL PROTECTED]> wrote:
I am not sure if the botnet plugin would catch these, but are you using the botnet plugin at all and sare-rules (www.rulesemporium.com).
I installed the botnet plugin today, but it's not going to help anyway.. The IPs these are coming from resolve to a variety of different hostnames, all without triggering botnet at all. I'm using sa-update with the openprotect.com feed. That should be a full set of version 0 rules from SARE.
this 2 do a great job here, along with some helo-checks at mta Level and dial-up blacklists
I'm using the spamhaus zen list that catches dial-ups. I'm not using helo checks, but again, those have no effect against these messages, so it doesn't gain me much...
dcc, razor, pyzor?
Yeah.. I'll look into these.. I don't have any of them set up at the moment.
hth MH
Ugh. I hate spammers... -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] http://blog.godshell.com
