On Sat, 6 Jun 2009, John Rudd wrote:

> The thing to do to fix messages from given locations is lean,
> heavily, upon the sender to get their sending environment fixed.  What
> botnet finds are sites with bad DNS (no full circle reverse DNS), or
> sending hosts that look like clients instead of looking like servers. If
> the exact cause was the former, then that site is poorly configured
> (violating best practices).
>
> If it's the latter, then that's a little more tricky.  But there are
> entries you can put in the Botnet.cf to exempt sites that actually can't
> fix their own reverse DNS, or sites that you really need to communicate
> with, but that won't fix their reverse DNS.

John,

  The false positives I'm seeing now are primarily from people who know
virtually nothing about computers. Sure, they have some competence in their
Microsoft applications, but to them anything else is a black box. Not only
do they not run their own servers, but they couldn't clearly communicate the
problem to someone who could fix it even if they wanted to do so.

  There are obviously many poorly or mis-configured servers and clients on
the 'Net. That's why there's so much spam and malware out there.

  I'm lowering the score on that rule.

Thanks,

Rich

--
Richard B. Shepard, Ph.D.               |  Integrity            Credibility
Applied Ecosystem Services, Inc.        |            Innovation
<http://www.appl-ecosys.com>     Voice: 503-667-4517      Fax: 503-667-8863
