Envelope-From,
Return-Path, or From, in that order) mail domain (the part after the @
sign) resolves back to the relay's IP address, or has an MX host which
...snip...
--
View this message in context:
http://www.nabble.com/Botnet-0.7-soon-tf2843481.html#a8028903
John Rudd wrote:
New things:
1) BOTNET_SOHO -- If the sender's (chosen from Envelope-From,
Return-Path, or From, in that order) mail domain (the part after the @
sign) resolves back to the relay's IP address, or has an MX host which
resolves back to the IP address, AND the sender's mail
Tim B. wrote:
John Rudd wrote:
Out of curiosity, which release branches of SA are supported with this
plugin? The 3.1.x, 3.0.x, or just the 3.1.x?
I've only tried it on 3.1.7.
Once installed, how do I know it's working? Also, what's the Perl
file for? I only copied the pm cf files to the SA plugin directory.
Erik
On Dec 21, 2006, at 8:07 AM, John Rudd wrote:
Tim B. wrote:
John Rudd wrote:
Out of curiosity, which release branches of SA are supported with
Erik Dasque wrote:
Once installed, how do I know it's working?
If you take a message that came from a host with no reverse DNS, bad DNS
(if you're using sendmail, and it said [may be forged] in the received
header), or a machine that has any other botnet-like characteristics,
then you can
On Monday 18 December 2006 20:16, John Rudd wrote:
New things:
Snippo of neat things that were added
I think that's everything...
Just need another day or two of testing before I release it.
One thing I noticed from the previous version was there was no mention of
version numbers anywhere
Phil Barnett wrote:
On Monday 18 December 2006 20:16, John Rudd wrote:
New things:
Snippo of neat things that were added
I think that's everything...
Just need another day or two of testing before I release it.
One thing I noticed from the previous version was there was no mention of
New things:
1) BOTNET_SOHO -- If the sender's (chosen from Envelope-From,
Return-Path, or From, in that order) mail domain (the part after the @
sign) resolves back to the relay's IP address, or has an MX host which
resolves back to the IP address, AND the sender's mail domain does NOT