thoughts? Would this defeat botnets?

Pete Russell pete at enitech.com.au
Sun Nov 19 08:53:59 GMT 2006



John Rudd wrote:
> 
> 
> For defeating botnets, I use a milter to block:
> 
> a) anything without reverse DNS
> 
> b) anything whose hostname from reverse DNS doesn't resolve
> 
> c) anything whose hostname from reverse DNS doesn't resolve to an IP 
> address or list of IP addresses which includes the IP address I started 
> with
> 
> d) any hostname which contains 2 or more octets of its own IP address 
> (in decimal or hexadecimal), with or without leading zeroes, with or 
> without separators.
> 
> e) any hostname which contains keywords like: dynamic, dls, dial-up, 
> ppp, modem, etc.
> 
> 
> Works VERY well.  I do it in a way that lets the message through if it's 
> going to postmaster and/or abuse (but no other addresses).  That way 
> people can ask for exceptions if I get a false positive.
> 
> 
> I also took this code and made it into a SpamAssassin plugin 
> (RelayChecker).  One person gave me back stats from his site.  He was 
> getting 78% accuracy with RelayChecker, for overall spam. (78% of 
> messages that were spam were getting tagged by RelayChecker)  Though, he 
> also had a 1% FP rate (1% of ham was getting tagged by RelayChecker, as 
> well).
> 
> 
> So, there you.

1%? That's a few. What were the causes of those? Legit senders who have 
misconfigured PTR etc?
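
Added example (not part of either post, and not the milter's or RelayChecker's own code): the five checks (a) to (e) from the quoted list, written in Python for IPv4 with injectable resolvers so they can be exercised offline against the constructed sample table. The function names, the sample hosts, and the reading of rule (d) used here (a hex octet must fill a whole alphanumeric token, and each notation is scored separately) are assumptions.

```python
import re
import socket
from collections import Counter

KEYWORDS = ("dynamic", "dls", "dial-up", "ppp", "modem")  # as listed in the post
# Constructed sample data (documentation addresses) standing in for live DNS.
SAMPLE_PTR = {"203.0.113.20": "host-203-0-113-20.example.net",
              "203.0.113.40": "ppp-pool7.example.net"}
SAMPLE_A = {host: [ip] for ip, host in SAMPLE_PTR.items()}

def dns_reverse(ip):              # PTR lookup; None when there is no reverse DNS
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_forward(host):            # A lookup; empty list when the name fails
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def parse_runs(runs, width, base):
    """Parse short runs whole; cut unseparated runs into fixed-width octets."""
    out = []
    for r in runs:
        step = min(len(r), width)
        if len(r) % step == 0:
            out += [int(r[i:i + step], base) for i in range(0, len(r), step)]
    return out

def embedded_octets(host, ip):
    """Rule (d): how many octets of ip appear in host, in decimal or hex."""
    host = host.lower()
    decimal = parse_runs(re.findall(r"\d+", host), 3, 10)
    # Hex must fill a whole token so that letters inside words do not count.
    hexa = parse_runs(re.findall(r"(?<![a-z0-9])[0-9a-f]+(?![a-z0-9])", host), 2, 16)
    want = Counter(map(int, ip.split(".")))
    # Multiset intersection: one token in the name satisfies one octet only.
    return max(sum((Counter(p) & want).values()) for p in (decimal, hexa))

def check_relay(ip, reverse=dns_reverse, forward=dns_forward):
    """Return the letter (a-e) of the first rule that fires, or None."""
    host = (reverse(ip) or "").lower()
    addrs = forward(host) if host else []
    rules = [("a", not host), ("b", not addrs), ("c", ip not in addrs),
             ("d", embedded_octets(host, ip) >= 2),
             ("e", any(k in host for k in KEYWORDS))]
    return next((rule for rule, fired in rules if fired), None)
```

Calling `check_relay(ip)` with the default resolvers performs live DNS lookups; logging which rule fired for each rejected connection makes it possible to audit false positives like the ones asked about above.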

