On Wed, 17 Mar 2010 14:45:53 -0700, John Rudd <jr...@ucsc.edu> wrote:
> Some people need to put in some alternate values for DNS timeouts, but
> if you've got a local caching name server, you typically don't need
> that.
> 
> There aren't any actual bugs in it that I'm aware of, so I haven't
> released a new version.  As I see it, there isn't a need (and that is
> a somewhat controversial statement with some of the more opinionated
> people around here).
> 
> I do still see some things that get nailed by it ... but there's lots
> of those same hosts that get caught by the Spamhaus PBL.  So, it kind
> of depends on what you're doing with PBL and/or Zen, as to whether or
> not you need Botnet.   But, there are still plenty of things coming
> from that class of hosts, so if you don't use one, I'd definitely
> recommend using the other.

Yeah, I've been having problems recently which I think are related to me
using both Zen/PBL along with the Botnet plugin weighted to score level
5. Even if I were to have it lower at 3, it would still be too much.

Many users are complaining and when I finally get some useful messages
with headers to analyze I am finding something like the following:

X-Spam-Report: 
        *  3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
        *      [213.6.61.151 listed in zen.dnsbl]
        *  1.0 RCVD_IN_BRBL RBL: Received via relay listed in Barracuda RBL
        *      [213.6.61.151 listed in b.barracudacentral.org]
        *  1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
        *      [213.6.61.151 listed in bb.barracudacentral.org]
        *  0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
        *      [213.6.61.151 listed in dnsbl.sorbs.net]
        *  0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
        *  5.0 BOTNET Relay might be a spambot or virusbot
        *      [botnet0.8,ip=213.6.61.151,rdns=a61-151.adsl.paltel.net,maildomain=palnet.com,client,ipinhostname,clientwords]
        *  1.0 RDNS_DYNAMIC Delivered to internal network by host with
        *      dynamic-looking rDNS

This brings it over the 8 threshold, although it is a legitimate email
from a user who has unfortunately been saddled with a dynamic IP that
previously was used by a spammer. No amount of explanation to these
users about this is going to assuage their feelings, and there isn't
really anything that can be done by them. They can complain to their ISP
I guess, they could also find another ISP, but these are not
particularly productive steps towards resolving this problem.

I'm interested in other suggestions that I can offer people as alternatives,
but until then I think I may need to remove Botnet from the equation.

micah
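
As an added example (not part of the original message), this Python sketch parses the X-Spam-Report quoted above and recomputes the total with BOTNET at 5, at 3, and removed, against the threshold of 8 the message mentions. The `DYNAMIC_IP_RULES` grouping and all function names are assumptions made for illustration.

```python
import re

# X-Spam-Report from the message above (wrapped lines rejoined, BOTNET detail line omitted).
REPORT = """\
        *  3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
        *      [213.6.61.151 listed in zen.dnsbl]
        *  1.0 RCVD_IN_BRBL RBL: Received via relay listed in Barracuda RBL
        *  1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
        *  0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
        *      [213.6.61.151 listed in dnsbl.sorbs.net]
        *  0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
        *  5.0 BOTNET Relay might be a spambot or virusbot
        *  1.0 RDNS_DYNAMIC Delivered to internal network by host with
        *      dynamic-looking rDNS
"""

# Assumption: these rules all react to the same fact, "the relay is an end-user/dynamic IP".
DYNAMIC_IP_RULES = {"RCVD_IN_PBL", "RCVD_IN_SORBS_DUL", "BOTNET", "RDNS_DYNAMIC"}
THRESHOLD = 8.0  # the threshold stated in the message
# A scored line is "* <score> <RULE_NAME> ..."; continuation lines carry no score.
RULE_LINE = re.compile(r"^\s*\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z0-9_]+)\b")

def parse_report(text):
    """Return {rule_name: score} for every scored line of an X-Spam-Report."""
    hits = {}
    for line in text.splitlines():
        m = RULE_LINE.match(line)
        if m:
            hits[m.group(2)] = float(m.group(1))
    return hits

def rescore(hits, overrides):
    """Total score after applying overrides; a value of None drops the rule."""
    merged = {**hits, **overrides}
    return round(sum(s for s in merged.values() if s is not None), 1)

def group_share(hits, group=DYNAMIC_IP_RULES):
    """Points contributed by rules that share one underlying signal."""
    return round(sum(s for r, s in hits.items() if r in group), 1)

if __name__ == "__main__":
    hits = parse_report(REPORT)
    cases = (("as received", {}), ("BOTNET at 3", {"BOTNET": 3.0}),
             ("BOTNET removed", {"BOTNET": None}))
    for label, overrides in cases:
        total = rescore(hits, overrides)
        verdict = "spam" if total >= THRESHOLD else "ham"
        print(f"{label:15} total={total:5.1f} -> {verdict}")
    print("points from dynamic-IP rules:", group_share(hits))
```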
