> Botnet 0.8 is up and available.  It took me a while (things have been
> REALLY busy at work for the last 6 months), but it's there.
> http://people.ucsc.edu/~jrudd/spamassassin/Botnet-0.8.tar

Looking at the debug code, I notice that botnet.pm version 0.8 is only
checking the last server IP and not all IPs in the path.

Example path the mail went through:
[32635] dbg: dns: IPs found: full-external: 128.6.72.72, 127.0.0.1,
127.0.0.1, 128.6.31.86, 128.6.72.254, 127.0.0.1, 127.0.0.1, 128.6.31.85,
59.144.126.12, 59.144.126.12 untrusted: 128.6.72.72, 128.6.31.86,
128.6.72.254, 128.6.31.85, 59.144.126.12 originating:

Example debug code:
[32635] dbg: Botnet: starting
[32635] dbg: Botnet: no trusted relays
[32635] dbg: Botnet: get_relay good RDNS
[32635] dbg: Botnet: IP is '128.6.72.72'
[32635] dbg: Botnet: RDNS is 'gehenna.rutgers.edu'
[32635] dbg: Botnet: HELO is 'gehenna10.rutgers.edu'
[32635] dbg: Botnet: sender ''
[32635] dbg: Botnet: miss (none)


I believe that if botnet.pm checked the whole path the mail went through, like
how DNSBL is used, Botnet would be more accurate. I could be wrong on this, but
for the sake of fighting spam, I hope I am right and you can find a way to
get this to work.

Here is a sample of the bad email, which may or may not be from a botnet
source.
        
        http://www.cs.rutgers.edu/~makmur/forjrudd.txt


Hope I gave enough details.

Thanks again for making fighting spam email easier.

Hanz


-- 
View this message in context: 
http://www.nabble.com/Botnet-0.8-Plugin-is-available-%28FINALLY%21%21%21%29-tf4221965.html#a12947538
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
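
The gap described in the message above can be measured directly from SpamAssassin debug output: the sketch below (an added example, not part of the original post and not code from the Botnet plugin) lists the untrusted relays that never appear in a "Botnet: IP is" line. The function names are hypothetical, and the sample input is the debug text quoted in the message.

```python
import re

# Debug lines as quoted in the message above, including the wrapped dns line.
SAMPLE_DEBUG = """\
[32635] dbg: dns: IPs found: full-external: 128.6.72.72, 127.0.0.1,
127.0.0.1, 128.6.31.86, 128.6.72.254, 127.0.0.1, 127.0.0.1, 128.6.31.85,
59.144.126.12, 59.144.126.12 untrusted: 128.6.72.72, 128.6.31.86,
128.6.72.254, 128.6.31.85, 59.144.126.12 originating:
[32635] dbg: Botnet: starting
[32635] dbg: Botnet: no trusted relays
[32635] dbg: Botnet: get_relay good RDNS
[32635] dbg: Botnet: IP is '128.6.72.72'
[32635] dbg: Botnet: RDNS is 'gehenna.rutgers.edu'
[32635] dbg: Botnet: HELO is 'gehenna10.rutgers.edu'
[32635] dbg: Botnet: sender ''
[32635] dbg: Botnet: miss (none)
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def untrusted_relays(log):
    """Ordered, de-duplicated IPs from the 'untrusted:' part of the dns line."""
    # re.S lets the match span the line wrapping seen in mailed debug output.
    m = re.search(r"dbg: dns: IPs found:.*?untrusted:(.*?)originating:", log, re.S)
    if not m:
        return []
    ordered = []
    for ip in IPV4.findall(m.group(1)):
        if ip not in ordered:
            ordered.append(ip)
    return ordered


def botnet_checked(log):
    """IPs the Botnet plugin reported examining ("Botnet: IP is '...'")."""
    return re.findall(r"dbg: Botnet: IP is '([^']+)'", log)


def unchecked_relays(log):
    """Untrusted relays that no Botnet debug line mentions."""
    checked = set(botnet_checked(log))
    return [ip for ip in untrusted_relays(log) if ip not in checked]


if __name__ == "__main__":
    print("untrusted relays :", untrusted_relays(SAMPLE_DEBUG))
    print("checked by Botnet:", botnet_checked(SAMPLE_DEBUG))
    print("never examined   :", unchecked_relays(SAMPLE_DEBUG))
```

The result only shows which relays were skipped; it says nothing about whether any of them is a botnet host, and the untrusted list itself depends on the local trusted_networks configuration.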
