Botnet 0.4 Spam Assassin plugin

René Berber r.berber at
Sat Nov 25 00:56:44 GMT 2006

John Rudd wrote:
> 12) The BOTNET rule is now worth 5 points, instead of 6.  It would be interesting to know what people have found as useful scores for the plugin.

Too high, I wouldn't use anything above 2.5 and reason is I don't trust any one
rule that much.

> Also, I'm trying to decide on two things:
> a) Does anyone think I _should_ switch to Net::DNS for the botnet_baddns
> function?  Or is the gethostbyname() call good enough?

Same thing, I see no advantage in one or the other.

> b) It seems kind of cluttered to have all of the various BOTNET_* rules
> show up in the test list and detailed report.  But I have kept it that
> way, instead of changing their names to have __ in front, so that I can
> see what sub-rules were specifically triggered.  What are people's
> opinions on that, for the 1.0 release:
>     i) do you want me to leave it as it is, or
>    ii) put in the __ so that the sub-rules stop showing up in the
>        final report?

As long as there is a debug option, the long report should be limited for debug
info and the short one for normal operation.
René Berber

More information about the MailScanner mailing list