The Doctor wrote:
On Sun, Nov 12, 2006 at 05:26:10PM -0800, John Rudd wrote:
New version of RelayChecker.
http://people.ucsc.edu/~jrudd/spamassassin/RelayChecker.tar
Changes:
- It's now in a single tar file. Put the tar file into your plugin
directory, expand it, and all should be good. The tar file includes:
COPYING - the GPL
RelayChecker.txt - explanations of each rule and option
RelayChecker.pm - the plugin, now with copyright info
RelayChecker.cf - example cf file (you should check the file)
- The individual tests are now individual rules. Each has a score of .01
- The badrdns and baddns test are combined into one rule,
RELAY_CHECKER_BADDNS
- The RELAY_CHECKER rule is now a meta rule, with a score of 6. It is
now set statically in the cf file instead of dynamically in the pm file.
- The config options have changed a bit. You no longer set a "skip"
preference for individual tests. Since the tests are now rules, you
just set that rule to 0.
- There is now an option, relaychecker_reduced_dns, which eliminates
all extra DNS checks. Instead of the PTR check, it uses the "rdns="
part of the Untrusted Relays pseudo-header, and the RELAY_CHECKER_BADDNS
test always returns 0.
- The dynhostname and clienthostname tests have been combined and
replaced by the RELAY_CHECKER_KEYWORDS rule. This uses a cf file
option, relaychecker_keywords, which feeds this test with keywords to
search for in the hostname. If you don't like certain keywords, just
don't use them. Or you can add more keywords just by changing the cf file.
- The iphostname check (now RELAY_CHECKER_IPHOSTNAME) now allows more
than 1 character of separation between the octets (since some hosts have
multiple characters), automatically pads a 0 for hex values less than 10
(to avoid tripping on words with ff or ee in them), and looks for
decimal values that combine 2 or 3 of the octets.
- I think the relaychecker_skip_ip, relaychecker_pass_ip, and
relaychecker_pass_auth options had been in the previous release so I'm
not going to explain them here. If I'm wrong, then the explanation is
in the .txt file.
I still haven't set it up to use Net::DNS. Not sure if I'm going to at
this point, or not. Let me know if you have opinions, one way or the
other, about it.
I'm still interested in hearing about bug reports, feed back, etc. I
think the main thing I have left for a 1.0 release is "getting it into
the wiki", assuming there aren't any major complaints, requests, nor bug
reports.
Though, I had contemplated renaming it to "BotNetHunter", since that's
what it's real goal is. But, not yet. If you have an opinion there,
let me know.
Hello, how do you install this?
1) Put the tar file into whatever directory you use for plugins (ex:
/etc/mail/spamassassin )
2) cd into that directory
3) tar xpf RelayChecker.tar
4) if you use spam assassin through some persistent mechanism (spamd,
mailscanner, a milter, etc.), then you'll need to restart that.
Otherwise, if you just call it directly (not with spamc) through
procmail, you should be fine.
