thoughts? Would this defeat botnets?
John Rudd
jrudd at ucsc.edu
Sun Nov 19 01:45:08 GMT 2006
For defeating botnets, I use a milter to block:
a) anything without reverse DNS
b) anything whose hostname from reverse DNS doesn't resolve
c) anything whose hostname from reverse DNS doesn't resolve to an IP
address or list of IP addresses which includes the IP address I started with
d) any hostname which contains 2 or more octets of its own IP address
(in decimal or hexadecimal), with or without leading zeroes, with or
without separators.
e) any hostname which contains keywords like: dynamic, dsl, dial-up,
ppp, modem, etc.
Works VERY well. I do it in a way that lets the message through if it's
going to postmaster and/or abuse (but no other addresses). That way
people can ask for exceptions if I get a false positive.
I also took this code and made it into a spam assassin plugin
(RelayChecker). One person gave me back stats from his site. He was
getting 78% accuracy with RelayChecker, for overall spam. (78% of
messages that were spam were getting tagged by RelayChecker) Though, he
also had a 1% FP rate (1% of ham was getting tagged by RelayChecker, as
well).
So, there you go.
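The five checks (a) to (e) and the postmaster/abuse exemption described in the post, written out as an added Python example (not John Rudd's milter or the RelayChecker plugin). It assumes constructed PTR and A tables in place of real DNS lookups, and reads check (d) as two adjacent octets of the connecting IP, in decimal (with or without leading zeros) or two-digit hex, with at most one separator between them.

```python
import re
PTR = {  # constructed reverse (PTR) records; a real milter queries DNS instead
    "192.0.2.10": "mail.example.com",             # clean: full circle
    "192.0.2.20": "host-192-0-2-20.example.net",  # embeds its own octets (d)
    "192.0.2.30": "relay.example.org",            # forward record points elsewhere (c)
    "192.0.2.40": "dsl-pool.example.net",         # keyword hit (e)
    "192.0.2.50": "ghost.example.net",            # PTR name has no A record (b)
}
A = {  # constructed forward (A) records
    "mail.example.com": ["192.0.2.10"],
    "host-192-0-2-20.example.net": ["192.0.2.20"],
    "relay.example.org": ["198.51.100.5"],
    "dsl-pool.example.net": ["192.0.2.40"],
}
KEYWORDS = ("dynamic", "dsl", "dial-up", "dialup", "ppp", "modem")

def octet_forms(octet):
    n = int(octet)
    return {str(n), f"{n:03d}", f"{n:02x}"}  # decimal, zero-padded decimal, hex

def embeds_own_octets(hostname, ip):
    """Check (d): two adjacent octets in any spelling, optional separator between."""
    octets = ip.split(".")
    for a, b in zip(octets, octets[1:]):
        alt_a = "|".join(re.escape(f) for f in octet_forms(a))
        alt_b = "|".join(re.escape(f) for f in octet_forms(b))
        if re.search(rf"(?:{alt_a})[-._]?(?:{alt_b})", hostname.lower()):
            return True
    return False

def check_relay(ip):
    """Return the failing check (a)-(e) for a connecting IP, or None if it passes."""
    hostname = PTR.get(ip)
    if hostname is None:
        return "a: no reverse DNS"
    addrs = A.get(hostname, [])
    if not addrs:
        return "b: reverse name does not resolve"
    if ip not in addrs:
        return "c: forward lookup does not include the connecting IP"
    if embeds_own_octets(hostname, ip):
        return "d: hostname embeds its own IP octets"
    if any(k in hostname.lower() for k in KEYWORDS):
        return "e: hostname contains a dynamic/dial-up keyword"
    return None

def should_reject(ip, recipients):
    """Let mail addressed only to postmaster/abuse through so senders can ask for exceptions."""
    reason = check_relay(ip)
    exempt = all(r.split("@")[0].lower() in ("postmaster", "abuse") for r in recipients)
    return None if reason and exempt else reason
```

Check (d) is loose on purpose: a single-digit octet such as 0 or 2 will match short digit runs in many names, which is one source of the false positives the post mentions.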
More information about the MailScanner mailing list