On Fri, 29 Oct 2010 22:02:56 -0400 dar...@chaosreigns.com wrote: > I see there's a RDNS_NONE rule for when the sending IP address has no > DNS PTR (reverse DNS) record. But no rule for when that PTR record > doesn't have a matching A (forward DNS) record that matches the > sending IP?
There's one in the optional Botnet plugin, there are a couple of problems with it though. Its rdns lookups aren't very efficient, and it doesn't work for IPv6.
