This is a discussion on RE: DUL Lists? - OT - SpamAssassin ; Thanks for yet _more_ confirmation. However, if botnet is depending on DNS pulling the "right" stuff, and someone's DNS is pulling the "wrong" stuff, then it still could be botnet; just not directly. Definitions: "right": follow the CNAME to get ...
Thanks for yet _more_ confirmation. However, if botnet is depending on DNS
pulling the "right" stuff, and someone's DNS is pulling the "wrong" stuff,
then it still could be botnet; just not directly.
"right": follow the CNAME to get a PTR
"wrong": return the CNAME as an answer.
I'm trying to get my provider to change the mailer's in-addr records to PTR
and leave the other 59 as CNAMES to my DNS server. If that works, then the
problem might go away. If they won't/can't do that, I don't know what else
to try. I guess I could go through all the hassle of having my rDNS remoted.
Sure sounds like a pain. It would _really_ be a pain if it didn't work
From: John Rudd [mailto:email@example.com]
Sent: Tuesday, June 12, 2007 1:25 PM
To: Dan Barker
Subject: Re: DUL Lists? - OT
Dan Barker wrote:
> I'm receiving a lot of 421 rejects with:
> Unexpected connection response from server:
> 421 mails from 126.96.36.199 refused: local dynamic IP address
In case there's any doubt about whether or not the Botnet plugin tripped up
on the PTR record situation (and someone used that as a basis for a
tempfail), here's the output of Botnet.pl for that IP address:
% Botnet.pl 188.8.131.52 visioncomm.net Botnet Version = 0.8 checking IP
BOTNET_NORDNS: not hit - mail.visioncomm.net
BOTNET_BADDNS: not hit - hostname resolves back to ip
BOTNET_IPINHOSTNAME: not hit
BOTNET_CLIENTWORDS: not hit
BOTNET_SERVERWORDS: hit, matches=mail
BOTNET_CLIENT (meta) not hit
BOTNET_CLIENT (code) not hit, tests=none
BOTNET_SOHO: not hit
BOTNET (meta) not hit
BOTNET (code) not hit, tests=none
a) Botnet wasn't mislead by the PTR alias
b) None of the Botnet tests flagged this as a Botnet (the one hit was for
"server words" which would have helped you, not hurt you).