Henrik Krohns wrote:


If you want a simple solution, you can try http://sa.hege.li/ for BadRelay
plugin.


BadRelay makes a fairly fatal assumption: The MTA put the rdns into the Received header. I know of 2 MTAs that don't do that (they just put the IP address in, without the rdns name). If you're using one of those MTAs, then I'll bet you're going to get lots of BadRelay false positives ... just like the SA 3.2.1 rule for checking for no-rdns gets lots of false positives, for the same reason. That's why Botnet, by default, does an actual rdns lookup on the IP address: so it can remain MTA-agnostic.

And, if your MTA did do the rdns lookup, and you've got a sane MTA set up (local caching name server that retains the lookup for more than a couple minutes), then the information should still be in the cache when the plugin does its lookup. That makes the BadRelay attempt at an optimization into something fairly moot.
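The difference between the two approaches discussed above, as an added example that is not part of the original post and is not code from BadRelay or Botnet: a header-only "no rdns" check flags any relay whose Received header carries only an IP, while a check that resolves the IP itself gives the same answer whatever the MTA wrote. The sample headers, function names and the `resolve` parameter are constructed for illustration.

```python
import re
import socket

# Constructed sample Received header values (documentation addresses).
HDR_WITH_RDNS = ("from mail.example.org (mail.example.org [192.0.2.10]) "
                 "by mx.example.net; Mon, 1 Jan 2007 00:00:00 +0000")
HDR_IP_ONLY = ("from mail.example.org ([192.0.2.10]) "
               "by mx.example.net; Mon, 1 Jan 2007 00:00:00 +0000")

# Matches "(name [ip])" as well as "([ip])", the form with no rdns name.
_RELAY = re.compile(
    r"\((?:(?P<rdns>[A-Za-z0-9._-]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")


def parse_relay(received):
    """Return (ip, rdns_or_None) as recorded in the Received header."""
    m = _RELAY.search(received)
    if not m:
        return None, None
    rdns = m.group("rdns")
    # Some MTAs write the literal "unknown" when their own lookup failed.
    if rdns and rdns.lower() == "unknown":
        rdns = None
    return m.group("ip"), rdns


def header_only_no_rdns(received):
    """Header-trusting check: no name in the header is read as 'no rdns'."""
    ip, rdns = parse_relay(received)
    return ip is not None and rdns is None


def system_ptr(ip):
    """PTR lookup through the system resolver (normally a caching server)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def lookup_no_rdns(received, resolve=system_ptr):
    """MTA-agnostic check: ignore the header's name and resolve the IP."""
    ip, _ = parse_relay(received)
    return ip is not None and resolve(ip) is None
```

Passing a dictionary's `.get` as `resolve` lets the lookup-based check be exercised offline against known PTR data.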


