On Wed, Nov 26, 2008 at 01:15:48PM -0800, Bill Randle wrote:
> On Thu, 2008-11-27 at 09:51 +1300, Lists wrote:
> > Bill Randle wrote:
> > >         *  5.5 BOTNET Relay might be a spambot or virusbot
> > >         *      [botnet0.8,ip=200.219.72.83,nordns]
> > >   
> > I will look into the BOTNET as I don't believe we are using this at the 
> > moment. Do you get many fp's with this?
> 
> Not that I'm aware of. If you're concerned, you can lower the score. I
> keep it fairly high as sometimes it's the only thing of any significance
> that hits.

Giving 5.5 points to a host without reverse DNS makes no sense. Of course
it's your rules, and you slightly advocate being cautious, but still someone
could think that Botnet is FP safe by default.

You are much better off doing all the things that Botnet does in your MTA.
Block dynamic HELOs, greylist hosts without DNS/with dynamic DNS.
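
The MTA-side policy suggested above, sketched as an added example (not code from this thread or from the Botnet plugin): reject dynamic-looking HELO names outright and greylist clients with no reverse DNS or dynamic-looking reverse DNS, rather than adding spam-score points. The function names, keyword list and action labels are assumptions, and rDNS is passed in rather than looked up so the block runs offline.

```python
import re

# Assumed keyword heuristic for "dynamic" hostnames; tune for your own traffic.
_DYNAMIC_WORDS = re.compile(
    r"(?:^|[.\-_\d])(?:dynamic|dyn|dhcp|adsl|dsl|cable|ppp|pool|dialup|dial)"
    r"(?=[.\-_\d]|$)",
    re.I,
)

def embeds_ip(hostname, ip):
    """True if the hostname carries the client's IPv4 octets, forward or reversed."""
    octets = ip.split(".")
    nums = [str(int(n)) for n in re.findall(r"\d+", hostname)]  # "072" -> "72"
    for want in (octets, octets[::-1]):
        for i in range(len(nums) - 3):
            if nums[i:i + 4] == want:
                return True
    return False

def looks_dynamic(hostname, ip):
    return embeds_ip(hostname, ip) or bool(_DYNAMIC_WORDS.search(hostname))

def decide(client_ip, rdns, helo):
    """Return 'reject', 'greylist' or 'pass' for one SMTP connection (IPv4 only)."""
    if looks_dynamic(helo, client_ip):
        return "reject"      # dynamic HELO: block at SMTP time
    if rdns is None:
        return "greylist"    # no reverse DNS: defer, do not score
    if looks_dynamic(rdns, client_ip):
        return "greylist"    # dynamic reverse DNS: defer as well
    return "pass"

# Constructed sample connections: (client IP, reverse DNS or None, HELO name).
# The first IP is the nordns host quoted above; the rest are documentation ranges.
SAMPLES = [
    ("200.219.72.83", None, "mail.example.org"),
    ("192.0.2.10", "mail.example.org", "mail.example.org"),
    ("198.51.100.7", "host.example.net", "7.100.51.198.dsl.example.net"),
    ("203.0.113.5", "203-0-113-5.pool.example.net", "smtp.example.com"),
]

if __name__ == "__main__":
    for ip, rdns, helo in SAMPLES:
        print(ip, rdns, helo, "->", decide(ip, rdns, helo))
```

A legitimate server behind missing or generic rDNS is only delayed by the greylist and gets through on retry, which is the difference from a 5.5-point score that can push its mail over the spam threshold.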
