> -----Original Message----- > From: John Rudd [mailto:[EMAIL PROTECTED] > Sent: Sunday, November 12, 2006 8:26 PM > To: SpamAssassin Users > Subject: RelayChecker 0.3 > > > New version of RelayChecker. > > http://people.ucsc.edu/~jrudd/spamassassin/RelayChecker.tar > > Changes: > > - It's now in a single tar file. Put the tar file into your plugin > directory, expand it, and all should be good. The tar file includes: > COPYING - the GPL > RelayChecker.txt - explanations of each rule and option > RelayChecker.pm - the plugin, now with copyright info > RelayChecker.cf - example cf file (you should check the file) > > - The individual tests are now individual rules. Each has a score of .01 > > - The badrdns and baddns test are combined into one rule, > RELAY_CHECKER_BADDNS > > - The RELAY_CHECKER rule is now a meta rule, with a score of 6. It is > now set statically in the cf file instead of dynamically in the pm file. > > - The config options have changed a bit. You no longer set a "skip" > preference for individual tests. Since the tests are now rules, you > just set that rule to 0. > > - There is now an option, relaychecker_reduced_dns, which eliminates > all extra DNS checks. Instead of the PTR check, it uses the "rdns=" > part of the Untrusted Relays pseudo-header, and the RELAY_CHECKER_BADDNS > test always returns 0. > > - The dynhostname and clienthostname tests have been combined and > replaced by the RELAY_CHECKER_KEYWORDS rule. This uses a cf file > option, relaychecker_keywords, which feeds this test with keywords to > search for in the hostname. If you don't like certain keywords, just > don't use them. Or you can add more keywords just by changing the cf > file. > > - The iphostname check (now RELAY_CHECKER_IPHOSTNAME) now allows more > than 1 character of separation between the octets (since some hosts have > multiple characters), automatically pads a 0 for hex values less than 10 > (to avoid tripping on words with ff or ee in them), and looks for > decimal values that combine 2 or 3 of the octets. > > - I think the relaychecker_skip_ip, relaychecker_pass_ip, and > relaychecker_pass_auth options had been in the previous release so I'm > not going to explain them here. If I'm wrong, then the explanation is > in the .txt file. > > > I still haven't set it up to use Net::DNS. Not sure if I'm going to at > this point, or not. Let me know if you have opinions, one way or the > other, about it. > > I'm still interested in hearing about bug reports, feed back, etc. I > think the main thing I have left for a 1.0 release is "getting it into > the wiki", assuming there aren't any major complaints, requests, nor bug > reports. > > Though, I had contemplated renaming it to "BotNetHunter", since that's > what it's real goal is. But, not yet. If you have an opinion there, > let me know. >
Is there anything about v 0.3 that would require more overhead than the initial version? I just implemented the new version and sa passed --lint with no errors but within 5-10 min of reloading amavis-new my smtp response time went to multiple seconds and the load on the box went to over 6. Renamed the RelayChecker.cf so it isn't read by sa and reloaded amavisd and back to normal. Any suggestions? Dylan
