BOTNET Exceptions for Today

2007-08-21 Thread Bret Miller
I keep saying that I have false positives with botnet, but haven't substantiated that to date. So, today I'm spending a little time making exceptions since I would like this to work. Here are today's: Americanpayroll.org, sent from IP 67.106.104.135, resolves to 67.106.106.135.ptr.us.xo.net #OK, th

Re: BOTNET Exceptions for Today

2007-08-21 Thread John Rudd
Bret Miller wrote: Enews.webbuyersguide.com (part of Ziff-Davis Media), sent from IP 204.92.135.90, resolves to smtp22.enews.webbuyersguide.com #not sure why this got a BOTNET=1 flag, but it did. Also find hosts 92, 75, 70, 74, 93, 86, and others. All similarly resolve to smtpnn.enews.webbuyersg

RE: BOTNET Exceptions for Today

2007-08-21 Thread Bret Miller
> Bret Miller wrote: > > > Enews.webbuyersguide.com (part of Ziff-Davis Media), sent from IP > > 204.92.135.90, resolves to smtp22.enews.webbuyersguide.com > #not sure why > > this got a BOTNET=1 flag, but it did. Also find hosts 92, > 75, 70, 74, 93, > > 86, and others. All similarly resolve to

Re: BOTNET Exceptions for Today

2007-08-21 Thread SM
At 12:36 21-08-2007, John Rudd wrote: # nslookup www2mail.wordreference.com Non-authoritative answer: Name: www2mail.wordreference.com Address: 75.126.29.11 baddns. There's an authoritative answer for www2mail.wordreference.com. # nslookup server.nch.com.au Non-authoritative answer: Name

RE: BOTNET Exceptions for Today

2007-08-21 Thread Bret Miller
> At 12:36 21-08-2007, John Rudd wrote: > ># nslookup www2mail.wordreference.com > > > >Non-authoritative answer: > >Name: www2mail.wordreference.com > >Address: 75.126.29.11 > > > >baddns. > > There's an authoritative answer for www2mail.wordreference.com. > > ># nslookup server.nch.com.au > >

RE: BOTNET Exceptions for Today

2007-08-21 Thread Andy Sutton
On Tue, 2007-08-21 at 13:08 -0700, Bret Miller wrote: > When I see on the list that many people run botnet with ZERO false > positives, I have to ask myself, "how? Anyone who claims that isn't really looking at the email they are blocking, or doesn't believe borked DNS qualifies as an FP. > "we can't

Re: BOTNET Exceptions for Today

2007-08-21 Thread Kai Schaetzl
Bret Miller wrote on Tue, 21 Aug 2007 12:15:27 -0700: > Enews.webbuyersguide.com (part of Ziff-Davis Media), sent from IP > 204.92.135.90, resolves to smtp22.enews.webbuyersguide.com #not sure why > this got a BOTNET=1 flag, but it did. Also find hosts 92, 75, 70, 74, 93, > 86, and others. All sim

Re: BOTNET Exceptions for Today

2007-08-21 Thread John Rudd
Andy Sutton wrote: On Tue, 2007-08-21 at 13:08 -0700, Bret Miller wrote: When I see on the list that many people run botnet with ZERO false positives, I have to ask myself, "how? Anyone who claims that isn't really looking at the email they are blocking, or doesn't believe borked DNS qualifies as

RE: BOTNET Exceptions for Today

2007-08-21 Thread SM
At 13:08 21-08-2007, Bret Miller wrote: When I see on the list that many people run botnet with ZERO false positives, I have to ask myself, "how? And why is our setup here so different?" Perhaps they already block email with invalid rdns at the MTA Your setup is different as your users communic

Re: BOTNET Exceptions for Today

2007-08-21 Thread John Rudd
SM wrote: The server.nch.com.au case is an interesting one. Technically, there isn't anything wrong with that setup. But I digress as we are talking about antispam here. Technically, there is a problem with it: it violates best practices asserted by RFC 1912, section 2.1, which warns that

Re: BOTNET Exceptions for Today

2007-08-21 Thread Kai Schaetzl
Bret Miller wrote on Tue, 21 Aug 2007 13:08:06 -0700: > When I see on the list that many people run botnet with ZERO false > positives, I have to ask myself, "how? And why is our setup here so > different?" Perhaps they already block email with invalid rdns at the MTA > level, so none of this ever

Re: BOTNET Exceptions for Today

2007-08-21 Thread Steven Kurylo
I don't know, but botnet hits a significant amount of legitimate email here, regardless of how badly configured the sending servers are. I set botnet to score two, and I flag as spam at four. Every time I've had a false positive botnet hit, other rules have been enough to keep the score bel

Re: BOTNET Exceptions for Today

2007-08-21 Thread Andy Sutton
On Tue, 2007-08-21 at 13:42 -0700, John Rudd wrote: > b) Botnet gets 0% false positives at one of my services (not just > "borked DNS == bad", as you're suggesting, but actual "everything that > triggered botnet was actually spam"). And, yes, I actually check I never suggested that. My thoughts

Re: BOTNET Exceptions for Today

2007-08-21 Thread SM
At 14:08 21-08-2007, John Rudd wrote: Technically, there is a problem with it: it violates best practices asserted by RFC 1912, section 2.1, which warns that not having matching PTR and A records can cause a loss/denial of internet services. You're right. Regards, -sm

Re: BOTNET Exceptions for Today

2007-08-21 Thread René Berber
Bret Miller wrote: > I keep saying that I have false positives with botnet, but haven't > substantiated that to date. So, today I'm spending a little time making > exceptions since I would like this to work. Here are today's: [snip] > meridiencancun.com.mx, sent from IP , resolves to > customer-14

Re: BOTNET Exceptions for Today

2007-08-21 Thread Michael Alan Dorman
On Tue, 21 Aug 2007 16:56:27 -0500 Andy Sutton <[EMAIL PROTECTED]> wrote: > On Tue, 2007-08-21 at 13:42 -0700, John Rudd wrote: > > b) Botnet gets 0% false positives at one of my services (not just > > "borked DNS == bad", as you're suggesting, but actual "everything > > that triggered botnet was

Re: BOTNET Exceptions for Today

2007-08-21 Thread John Rudd
René Berber wrote: Bret Miller wrote: I keep saying that I have false positives with botnet, but haven't substantiated that to date. So, today I'm spending a little time making exceptions since I would like this to work. Here are today's: [snip] meridiencancun.com.mx, sent from IP , resolves

Re: BOTNET Exceptions for Today

2007-08-21 Thread René Berber
John Rudd wrote: > René Berber wrote: >> Here's a good example of why Botnet's default score is too high, those >> guys at >> meridiencancun have a so called "Enterprise account" with their ISP, >> what they >> get is a fixed IP and no control over reverse DNS, that's why the reverse >> returns wh

RE: BOTNET Exceptions for Today

2007-08-22 Thread Martin.Hepworth
> -Original Message- > From: news [mailto:[EMAIL PROTECTED] On Behalf Of René Berber > Sent: 22 August 2007 07:42 > To: users@spamassassin.apache.org > Subject: Re: BOTNET Exceptions for Today > > John Rudd wrote: > > > René Berber wrote: > >>

RE: BOTNET Exceptions for Today

2007-08-24 Thread Robert Fitzpatrick
On Wed, 2007-08-22 at 08:58 +0100, Martin.Hepworth wrote: > Botnet 0.8 is a lot better than 0.7 - please upgrade if you don't already. > How do you tell what version you have? I cannot find it anywhere in the files, so I downloaded 0.8 and diff'd the pm against what I have and no differences. I g

Re: BOTNET Exceptions for Today

2007-08-24 Thread John Rudd
Robert Fitzpatrick wrote: On Wed, 2007-08-22 at 08:58 +0100, Martin.Hepworth wrote: Botnet 0.8 is a lot better than 0.7 - please upgrade if you don't already. How do you tell what version you have? I cannot find it anywhere in the files, so I downloaded 0.8 and diff'd the pm against what I ha