> -----Original Message-----
> From: news [mailto:[EMAIL PROTECTED] On Behalf Of René Berber
> Sent: 22 August 2007 07:42
> To: users@spamassassin.apache.org
> Subject: Re: BOTNET Exceptions for Today
>
> John Rudd wrote:
>
> > René Berber wrote:
> >> Here's a good example of why Botnet's default score is too high, those guys at
> >> meridiencancun have a so called "Enterprise account" with their ISP, what they
> >> get is a fixed IP and no control over reverse DNS, that's why the reverse
> >> returns what the ISP configured. Best practices and other fiction don't apply
> >> to the real world in cases like this.
> >
> > As for "best practices" being "fiction" that "doesn't apply to the real
> > world" ... it's rinky-dink mail servers run by people with half-assed
> > opinions like that that cause there to be such a huge number of
> > exploited mail servers on the planet.
>
> Exploited mail servers are badly configured mail servers, that's a whole
> different subject from what is being discussed.
>
> > People who think "best practices" are "fiction" are the scourge that
> > makes the internet such an unreliable place.
> >
> > Here kid, have a nickel. Go buy yourself a real mail server.
>
> I'm not a kid, so I would appreciate some respect. If you think I don't know
> what I'm talking about, that's your prerogative, you don't really know me.
> --
> René Berber

Ok here's my 2 pence worth.

Botnet 0.8 is a lot better than 0.7 - please upgrade if you don't already.

Personally I find the big meta-rule a bit heavy (or did at 0.7 anyway). I run the rules separately, which gives me better results and also better visibility as to why botnet fired.

A lot of these "false positive" errors are down to 1) lack of education and the commercial mass mailers pretending to send out from the client but still resolving back to the mass emailer.

Here's an example of how MailScanner handles this with its phishing net system. There's a big whitelist file that you can 1) add your own stuff to and 2) download updates for (which doesn't overwrite your whitelist).

Perhaps people need to get together with John to produce some sort of botnet whitelist rbl for known 'good' commercial mass emailers like ems6.net?????

I'll shut up now ;-)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300