Re: Botnet 0.7 soon

2006-12-22 Thread Ivy
Envelope-From, Return-Path, or From, in that order) mail domain (the part after the @ sign) resolves back to the relay's IP address, or has an MX host which ...snip... -- View this message in context: http://www.nabble.com/Botnet-0.7-soon-tf2843481.html#a8028903 Sent from

Re: Botnet 0.7 soon

2006-12-21 Thread Tim B.
John Rudd wrote: New things: 1) BOTNET_SOHO -- If the sender's (chosen from Envelope-From, Return-Path, or From, in that order) mail domain (the part after the @ sign) resolves back to the relay's IP address, or has an MX host which resolves back to the IP address, AND the sender's mail

Re: Botnet 0.7 soon

2006-12-21 Thread John Rudd
Tim B. wrote: John Rudd wrote: out of curiosity, which release branches of SA is supported with this plugin? the 3.1.x 3.0.x or just the 3.1.x? I've only tried it on 3.1.7.

Re: Botnet 0.7 soon

2006-12-21 Thread Erik Dasque
Once installed, how do I know it's working ? Also, what's the perl file for ? I only copied the pm cf files to the sa plugin directory. Erik On Dec 21, 2006, at 8:07 AM, John Rudd wrote: Tim B. wrote: John Rudd wrote: out of curiosity, which release branches of SA is supported with

Re: Botnet 0.7 soon

2006-12-21 Thread John Rudd
Erik Dasque wrote: Once installed, how do I know it's working ? If you take a message that came from a host with no reverse DNS, bad DNS (if you're using sendmail, and it said [may be forged] in the received header), or a machine that has any other botnet like characteristics, then you can

Re: Botnet 0.7 soon

2006-12-19 Thread Phil Barnett
On Monday 18 December 2006 20:16, John Rudd wrote: New things: Snippo of neat things that were added I think that's everything... Just need another day or two of testing before I release it. One thing I noticed from the previous version was there was no mention of version numbers anywhere

Re: {Spam?} Re: Botnet 0.7 soon

2006-12-19 Thread John Rudd
Phil Barnett wrote: On Monday 18 December 2006 20:16, John Rudd wrote: New things: Snippo of neat things that were added I think that's everything... Just need another day or two of testing before I release it. One thing I noticed from the previous version was there was no mention of

Botnet 0.7 soon

2006-12-18 Thread John Rudd
New things: 1) BOTNET_SOHO -- If the sender's (chosen from Envelope-From, Return-Path, or From, in that order) mail domain (the part after the @ sign) resolves back to the relay's IP address, or has an MX host which resolves back to the IP address, AND the sender's mail domain does NOT