This is a discussion on Re: Suggested botnet rule scores - SpamAssassin ; On Fri, Aug 17, 2007 at 08:47:38AM -0700, John Rudd wrote: > Henrik Krohns wrote: > >> If you want a simple solution, you can try http://sa.hege.li/ for BadRelay >> plugin. > > BadRelay makes a fairly fatal assumption: The ...
On Fri, Aug 17, 2007 at 08:47:38AM -0700, John Rudd wrote:
> Henrik Krohns wrote:
>
>> If you want a simple solution, you can try http://sa.hege.li/ for BadRelay
>> plugin.
>
> BadRelay makes a fairly fatal assumption: The MTA put the rdns into the
> Received header. I know of 2 MTAs that don't do that (they just put the IP
> address in, without the rdns name). If you're using one of those MTAs,
> then I'll bet you're going to get lots of BadRelay false positives ... just
> like the SA 3.2.1 rule for checking for no-rdns gets lots of false
I don't make any worse assumptions than SA. If it doesn't work, it doesn't
work, get a decend MTA (works for me). I don't see any point having
unnecessary stuff like Net:NS and dealing with timeout issues, since I
don't need any special checks. I just want to check rdns.
Cheers,
Henrik
