Jari Fredriksson wrote:
Matthias Haegele wrote:
Jari Fredriksson schrieb:
Matt wrote:
I have added botnet to my Spamassassin install. It seems to have
helped quite a bit so far. I am just wandering about the 5 points
it gives for a hit. Is that too much? Does it have alot of false
positives or not?
Matt
I have yet to see a hit, none so far in production (botnet been on
for 5 days now).
Perhaps you use greylisting or similiar solutions already, or messages
get blocked by Blacklists on MTA-Level?
No, no such measures. But starting spamd -D tells this
[24069] dbg: Botnet: All skipped/no untrusted
[24069] dbg: Botnet: BADDNS skipped
That means that the messages you're testing with are only coming from IP
addresses you trust. Since Botnet skips looking at your own trusted
relays, in trying to find "the host that submitted the message to your
group of systems", that means it's having the same effect as the "all
trusted" rule.
Basically Botnet is telling you "this came from one of your own
machines, and I'm assuming you don't have a locally installed botnet,
thus I'm not going to waste time on figuring out anything for this message."
