I have some spam hitting some users pretty hard while just falling short
of the kill level, see below. Seems if I was using Botnet a little more,
it would help. I remember when we installed the Botnet rules, they were
too aggressive, with lots of complaints stemming from misconfigured DNS,
yada, yada, yada...so we disabled all but nodns. Now, it seems we may be
catching some stuff if we score them just a bit. Wondering what score
settings others are using for Botnet or are you able to kill these
messages without it?

http://esmtp.webtent.net/mail1.txt

Content analysis details:   (4.2 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 BOTNET_CLIENTWORDS     Hostname contains client-like substrings
        [botnet_clientwords,ip=72.51.59.60,rdns=60.bo.static.symmetrixns1.com]
 0.0 BOTNET                 Relay might be a spambot or virusbot
        [botnet0.7,ip=72.51.59.60,hostname=60.bo.static.symmetrixns1.com,maildomain=sitores.villanously.com,client,clientwords]
 0.0 BOTNET_CLIENT          Relay has a client-like hostname
        [botnet_client,ip=72.51.59.60,hostname=60.bo.static.symmetrixns1.com,clientwords]
 0.0 ACT_NOW_CAPS           BODY: Talks about 'acting now' with capitals
 2.8 PYZOR_CHECK            Listed in Pyzor (http://pyzor.sf.net/)
 1.4 DCC_CHECK              Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 0.0 DIGEST_MULTIPLE        Message hits more than one network digest check

Thanks for any help!

-- 
Robert
