thoughts? Would this defeat botnets?
Pete Russell
pete at enitech.com.au
Sun Nov 19 08:53:59 GMT 2006
John Rudd wrote:
>
>
> For defeating botnets, I use a milter to block:
>
> a) anything without reverse DNS
>
> b) anything whose hostname from reverse DNS doesn't resolve
>
> c) anything whose hostname from reverse DNS doesn't resolve to an IP
> address or list of IP addresses which includes the IP address I started
> with
>
> d) any hostname which contains 2 or more octets of its own IP address
> (in decimal or hexadecimal), with or without leading zeroes, with or
> without separators.
>
> e) any hostname which contains keywords like: dynamic, dls, dial-up,
> ppp, modem, etc.
>
>
> Works VERY well. I do it in a way that lets the message through if it's
> going to postmaster and/or abuse (but no other addresses). That way
> people can ask for exceptions if I get a false positive.
>
>
> I also took this code and made it into a SpamAssassin plugin
> (RelayChecker). One person gave me back stats from his site. He was
> getting 78% accuracy with RelayChecker, for overall spam. (78% of
> messages that were spam were getting tagged by RelayChecker) Though, he
> also had a 1% FP rate (1% of ham was getting tagged by RelayChecker, as
> well).
>
>
> So, there you.
1%? That's a few. What were the causes of those? Legit senders who have
misconfigured PTR etc?
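
The five checks (a) to (e) from the quoted message, as an added Python sketch; this is not John Rudd's milter or the RelayChecker plugin. The function names, the injected lookup callables, the rule used to match octets and the sample data are assumptions, and it handles IPv4 only.

```python
import ipaddress
import re

# Keywords named in check (e); the post's list ends in "etc.", so this is a subset.
KEYWORDS = ("dynamic", "dial-up", "ppp", "modem")

def embedded_octets(hostname, ip):
    """Check (d): how many octets of the IPv4 address appear in the hostname (2 = two or more)."""
    octets = list(ipaddress.IPv4Address(ip).packed)
    host = hostname.lower()
    # Unseparated forms: two adjacent octets, either order, zero-padded decimal or hex.
    for a, b in zip(octets, octets[1:]):
        for x, y in ((a, b), (b, a)):
            if f"{x:03d}{y:03d}" in host or f"{x:02x}{y:02x}" in host:
                return 2
    # Separated forms: compare digit runs by value so "005" matches octet 5.
    # Each run is consumed once, so "mx1" cannot match several octets equal to 1.
    runs = [int(r) for r in re.findall(r"\d+", host) if len(r) <= 3]
    count = 0
    for o in octets:
        if o in runs:
            runs.remove(o)
            count += 1
    return count

def check_relay(ip, ptr_lookup, a_lookup):
    """Return the letter of the first failed check (a-e), or None if all pass."""
    names = ptr_lookup(ip)                 # (a) reverse DNS must exist
    if not names:
        return "a"
    host = names[0].rstrip(".").lower()
    addrs = a_lookup(host)                 # (b) the PTR name must resolve
    if not addrs:
        return "b"
    if ip not in addrs:                    # (c) and resolve back to the same IP
        return "c"
    if embedded_octets(host, ip) >= 2:     # (d) IP octets embedded in the name
        return "d"
    if any(k in host for k in KEYWORDS):   # (e) dynamic-pool keywords
        return "e"
    return None

# Constructed sample data: documentation address ranges, invented hostnames.
PTR = {"192.0.2.10": ["mail.example.org"], "192.0.2.99": ["ghost.example.org"],
       "198.51.100.77": ["198-51-100-77.pool.example.net"],
       "203.0.113.5": ["ppp-gw.example.net"], "203.0.113.9": ["mx.example.com"]}
A = {"mail.example.org": ["192.0.2.10"], "mx.example.com": ["203.0.113.200"],
     "198-51-100-77.pool.example.net": ["198.51.100.77"],
     "ppp-gw.example.net": ["203.0.113.5"]}

def demo(ip):
    return check_relay(ip, lambda i: PTR.get(i, []), lambda h: A.get(h, []))
```

In a real filter the two callables would wrap the resolver (for example `socket.gethostbyaddr` and `socket.getaddrinfo`), and mail addressed to postmaster or abuse would bypass the verdict as the quoted message describes.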