Depending on which bypass/exemption you're going to use, either 4servers\.com or the IP address are what you want to use.
The "bluehill.com" part is the smtp HELO argument, and botnet currently ignores that.
Robert Fitzpatrick wrote:
I applied BOTNET rules yesterday and have some legitimate mail getting blocked and looking for the best way to bypass. I added 'bluehill\.com' to the list of botnet_pass_domains, is that correct or should I be adding '4servers\.com' or both?
Received: from bluehill.com (67-30-129-1.4servers.com [67.30.129.1]) by esmtp.webtent.net (WebTent ESMTP Postfix Internet Mail Gateway) with ESMTP i$ for <[EMAIL PROTECTED]>; Tue, 10 Apr 2007 08:20:27 -0400 (EDT)