Thanks for yet _more_ confirmation. However, if botnet is depending on DNS pulling the "right" stuff, and someone's DNS is pulling the "wrong" stuff, then it still could be botnet; just not directly.
Definitions:
"right": follow the CNAME to get a PTR
"wrong": return the CNAME as an answer.

I'm trying to get my provider to change the mailer's in-addr records to PTR and leave the other 59 as CNAMES to my DNS server. If that works, then the problem might go away. If they won't/can't do that, I don't know what else to try. I guess I could go through all the hassle of having my rDNS remoted. Sure sounds like a pain. It would _really_ be a pain if it didn't work<g>!

Dan Barker

-----Original Message-----
From: John Rudd [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 12, 2007 1:25 PM
To: Dan Barker
Cc: 'Spamassassin'
Subject: Re: DUL Lists? - OT

Dan Barker wrote:
> I'm receiving a lot of 421 rejects with:
>
> Unexpected connection response from server:
> 421 mails from 74.254.46.133 refused: local dynamic IP address
> 74.254.46.133"
>

In case there's any doubt about whether or not the Botnet plugin tripped up on the PTR record situation (and someone used that as a basis for a tempfail), here's the output of Botnet.pl for that IP address:

% Botnet.pl 74.254.46.133 visioncomm.net
Botnet Version = 0.8
checking IP address: 74.254.46.133
BOTNET_NORDNS: not hit - mail.visioncomm.net
BOTNET_BADDNS: not hit - hostname resolves back to ip
BOTNET_IPINHOSTNAME: not hit
BOTNET_CLIENTWORDS: not hit
BOTNET_SERVERWORDS: hit, matches=mail
BOTNET_CLIENT (meta) not hit
BOTNET_CLIENT (code) not hit, tests=none
BOTNET_SOHO: not hit
BOTNET (meta) not hit
BOTNET (code) not hit, tests=none

So:

a) Botnet wasn't misled by the PTR alias

b) None of the Botnet tests flagged this as a Botnet (the one hit was for "server words" which would have helped you, not hurt you).
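The "right" and "wrong" resolver behaviours defined in the thread above, as an added example that is not part of the original messages: a small Python model of a reverse lookup through a CNAME-delegated in-addr.arpa record, followed by a forward-confirmation check. The zone data, the names under example.net, the 192.0.2.x addresses and the result labels are constructed for illustration and are not taken from Botnet or from any real zone.

```python
import ipaddress

# Constructed records (not real DNS data). The provider's reverse zone holds a
# CNAME into a zone the customer serves; that zone holds the actual PTR.
ZONE = {
    ("133.2.0.192.in-addr.arpa.", "CNAME"): "133.rdns.example.net.",
    ("133.rdns.example.net.", "PTR"): "mail.example.net.",
    ("mail.example.net.", "A"): "192.0.2.133",
    # A second address whose reverse record is a plain PTR in the provider zone.
    ("134.2.0.192.in-addr.arpa.", "PTR"): "host134.example.net.",
    ("host134.example.net.", "A"): "192.0.2.134",
}

def reverse_name(ip):
    """Build the in-addr.arpa owner name for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def lookup_ptr(ip, follow_cname=True, max_hops=8):
    """Return (hostname or None, list of CNAME targets seen).

    follow_cname=True  models the "right" behaviour: chase the alias to the PTR.
    follow_cname=False models the "wrong" behaviour: hand back the CNAME target
    as though it were the PTR answer.
    """
    name, chain = reverse_name(ip), []
    for _ in range(max_hops):          # bound the chain so alias loops terminate
        ptr = ZONE.get((name, "PTR"))
        if ptr is not None:
            return ptr, chain
        alias = ZONE.get((name, "CNAME"))
        if alias is None:
            return None, chain
        chain.append(alias)
        if not follow_cname:
            return alias, chain
        name = alias
    return None, chain

def fcrdns(ip, follow_cname=True):
    """Forward-confirmed reverse DNS: the reverse name must resolve back to ip."""
    host, _ = lookup_ptr(ip, follow_cname)
    if host is None:
        return "no-rdns"
    return "ok" if ZONE.get((host, "A")) == ip else "bad-rdns"

if __name__ == "__main__":
    for ip in ("192.0.2.133", "192.0.2.134"):
        for follow in (True, False):
            print(ip, "follow_cname=%s" % follow, lookup_ptr(ip, follow)[0], fcrdns(ip, follow))
```

In this model the CNAME-delegated address passes the check only when the alias is followed, while the address with a plain PTR passes under both behaviours.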