Matt Kettler escreveu:
Leonardo Rodrigues Magalhães wrote:
i would like to give some score for messages that came from IP
addresses that does not have the reverse correctly configured. I have
seen a lot of IPs that have some reverse name, but that name does not
point back to the IP address.
is it possible to score no reverse at all and/or no complete
reverse in SA rules ?
I could be mistaken, but I think the botnet add-on plugin does this kind
of thing... (among others)
Oh yeah, seem it really does. I'm studying it ... thanks for the tip !
from Botnet.cf
describe BOTNET_NORDNS Relay's IP address has no PTR record
header BOTNET_NORDNS eval:botnet_nordns()
score BOTNET_NORDNS 0.0
describe BOTNET_BADDNS Relay doesn't have full circle DNS
header BOTNET_BADDNS eval:botnet_baddns()
score BOTNET_BADDNS 0.0
--
Atenciosamente / Sincerily,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
[EMAIL PROTECTED]
My SPAMTRAP, do not email it
