Matthias Haegele wrote:
> Jari Fredriksson wrote:
>> Matt wrote:
>>> I have added botnet to my Spamassassin install. It seems to have
>>> helped quite a bit so far. I am just wondering about the 5 points
>>> it gives for a hit. Is that too much? Does it have a lot of false
>>> positives or not?
>>>
>>> Matt
>>
>> I have yet to see a hit, none so far in production (botnet been on
>> for 5 days now).
>
> Perhaps you use greylisting or similar solutions already, or messages
> get blocked by Blacklists on MTA-Level?
>
No, no such measures. But starting spamd -D tells this:

[24069] dbg: Botnet: checking BADDNS
[24069] dbg: Botnet: no trusted relays
[24069] dbg: Botnet: All skipped/no untrusted
[24069] dbg: Botnet: BADDNS skipped
[24069] dbg: Botnet: checking CLIENTWORDS
[24069] dbg: Botnet: client words regexp is((\b|\d)(a|s|d(yn)?)?dsl(\b|\d))|((\b|\d)cable(\b|\d))|((\b|\d)catv(\b|\d))|((\b|\d)ddns(\b|\d))|((\b|\d)dhcp(\b)
[24069] dbg: Botnet: no trusted relays
[24069] dbg: Botnet: All skipped/no untrusted
[24069] dbg: Botnet: CLIENTWORDS skipped
[24069] dbg: Botnet: checking SERVERWORDS
[24069] dbg: Botnet: server words list is((\b|\d)mail(\b|\d))|((\b|\d)mta(\b|\d))|((\b|\d)mx(\b|\d))|((\b|\d)relay(\b|\d))|((\b|\d)smtp(\b|\d))|((\b|\d)exc)
[24069] dbg: Botnet: no trusted relays
[24069] dbg: Botnet: All skipped/no untrusted
[24069] dbg: Botnet: SERVERWORDS skipped
[24069] dbg: Botnet: starting
[24069] dbg: Botnet: no trusted relays
[24069] dbg: Botnet: All skipped/no untrusted
[24069] dbg: Botnet: skipping
[24069] dbg: Botnet: checking IPINHOSTNAME
[24069] dbg: Botnet: no trusted relays
[24069] dbg: Botnet: All skipped/no untrusted
[24069] dbg: Botnet: IPINHOSTNAME skipped
[24069] dbg: Botnet: checking for CLIENT
[24069] dbg: Botnet: no trusted relays
[24069] dbg: Botnet: All skipped/no untrusted
[24069] dbg: Botnet: CLIENT skipped
[24069] dbg: Botnet: checking for SOHO server
[24069] dbg: Botnet: no trusted relays
[24069] dbg: Botnet: All skipped/no untrusted
[24069] dbg: Botnet: SOHO skipped
[24069] dbg: Botnet: checking NORDNS
[24069] dbg: Botnet: no trusted relays
[24069] dbg: Botnet: All skipped/no untrusted
[24069] dbg: Botnet: NORDNS skipped

Seems that botnet disables itself? "No trusted relays?"