Henrik Krohns wrote:

>
> If you want a simple solution, you can try http://sa.hege.li/ for BadRelay
> plugin.
>


BadRelay makes a fairly fatal assumption: The MTA put the rdns into the
Received header. I know of 2 MTAs that don't do that (they just put the
IP address in, without the rdns name). If you're using one of those
MTAs, then I'll bet you're going to get lots of BadRelay false positives
... just like the SA 3.2.1 rule for checking for no-rdns gets lots of
false positives, for the same reason. That's why Botnet, by default,
does an actual rdns lookup on the IP address: so it can remain MTA agnostic.

And, if your MTA did do the rdns lookup, and you've got a sane MTA set
up (local caching name server that retains the lookup for more than a
couple minutes), then the information should still be in the cache when
the plugin does its lookup. That makes the BadRelay attempt at an
optimization into something fairly moot.
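
An added example, not part of the original message and not code from either plugin: a Python sketch contrasting a header-only "no rDNS" check with one that looks up the relay IP itself. The Received header layouts, the sample headers, the function names and the `fake_resolver` table are all constructed assumptions for illustration.

```python
import re
import socket

# Client info as it appears in many Received headers (assumed layouts):
#   "(name [ip])"  when the MTA recorded rDNS, "([ip])" when it recorded only the IP.
CLIENT_RE = re.compile(
    r"\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
)

def parse_received(header):
    """Return (ip, rdns_from_header); rdns is None if absent or 'unknown'."""
    m = CLIENT_RE.search(header)
    if not m:
        return None, None
    rdns = m.group("rdns")
    if rdns and rdns.lower() == "unknown":
        rdns = None
    return m.group("ip"), rdns

def system_resolver(ip):
    """Real PTR lookup; normally answered from the local caching name server."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror / socket.gaierror
        return None

def header_only_no_rdns(header):
    """Trusts the MTA: 'no rDNS' whenever the header carries no name."""
    ip, rdns = parse_received(header)
    return ip is not None and rdns is None

def lookup_no_rdns(header, resolver=system_resolver):
    """MTA-agnostic: takes only the IP from the header and resolves it itself."""
    ip, _ = parse_received(header)
    return ip is not None and resolver(ip) is None

# Constructed sample headers (documentation address ranges).
WITH_RDNS = "from mail.example.org (mail.example.org [192.0.2.10]) by mx.example.net"
IP_ONLY = "from mail.example.org ([192.0.2.10]) by mx.example.net"
NO_PTR = "from pc ([198.51.100.7]) by mx.example.net"

# Constructed PTR table standing in for DNS so the example runs offline.
FAKE_PTR = {"192.0.2.10": "mail.example.org"}
fake_resolver = FAKE_PTR.get

if __name__ == "__main__":
    for h in (WITH_RDNS, IP_ONLY, NO_PTR):
        print(header_only_no_rdns(h), lookup_no_rdns(h, fake_resolver), h)
```

The `IP_ONLY` header is the false-positive case: the relay has a PTR record, but a check that reads only the header reports it as having none.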