
Re: Botnet 0.8 Plugin is available (FINALLY!!!)

From: John Rudd <jrudd(at)ucsc.edu>
Date: Fri Sep 28 2007 - 17:31:42 EDT


hanz wrote:

>
> I believe if botnet.pm is checking all the path the mail went thru like how
> dnsbl is used, botnet will get more accurate.

No, it would throw a lot more false-positives. Every end user (corporate, home, etc.) on a dynamic IP address would suddenly get their email flagged by botnet, because the originating host matches the botnet conditions.

Consider this scenario:

  1. user on dynamic IP sends email to their ISP's mail server
  2. ISP's mail server submits message to your mail server

In your suggested processing, this would generate a false positive: the message would be marked as a potential botnet even though the message was handled in a legitimate manner (message went out through the ISP's mail server instead of coming _directly_ from the dynamic host).

Botnet specifically only tries to look at the host that submitted the message to your environment because of this.

So you might ask "what about ISPs that aren't policing their network, to keep botnets from relaying through them?" Those can much more easily be targeted by DSBLs than trying to DSBL every little dynamic host (though, pbl.spamhaus.org seems to be trying to do that). In one way, Botnet tries to encourage a bottle-neck of mail traffic through each provider's mail server, partially to make it easier to manage all of the end points recipient postmasters have to deal with.

So, basically, I won't be changing botnet to do what you're asking for. I consider it to be a rather bad idea. Though, you could fork the code, call it something else, and make your own that behaves however you want.

Received on Fri Sep 28 17:32:40 2007
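
The two-hop scenario from the message above, as an added example that is not part of the original post and is not Botnet's code: it compares judging only the host that handed the message to your server with judging every hop on the path. The headers, host names and the `looks_dynamic` heuristic are constructed assumptions, and the newest `Received` line is assumed to be written by your own MX.

```python
import re
from email import message_from_string

# Constructed headers (documentation addresses), newest Received line first.
VIA_ISP = (  # dynamic-IP customer -> ISP mail server -> our MX
    "Received: from smtp.isp.example (smtp.isp.example [198.51.100.10])\n"
    "\tby mx.ourdomain.example with ESMTP; Fri, 28 Sep 2007 17:30:05 -0400\n"
    "Received: from [192.0.2.45] (dsl-192-0-2-45.dyn.isp.example [192.0.2.45])\n"
    "\tby smtp.isp.example with ESMTP; Fri, 28 Sep 2007 17:30:01 -0400\n"
    "Subject: hello\n\nbody\n")
DIRECT = (  # the same dynamic host connecting straight to our MX
    "Received: from [192.0.2.45] (dsl-192-0-2-45.dyn.isp.example [192.0.2.45])\n"
    "\tby mx.ourdomain.example with ESMTP; Fri, 28 Sep 2007 17:31:00 -0400\n"
    "Subject: hello\n\nbody\n")

# "from HELO (rdns [ip])" as most MTAs record the connecting client.
HOP = re.compile(r"from\s+\S+\s+\((\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")
CLIENT_WORDS = re.compile(r"(^|[.-])(dyn|dynamic|dhcp|dsl|pool|ppp|cable)([.\-\d]|$)")

def looks_dynamic(rdns, ip):
    """Toy stand-in for a client-host test (assumption, not Botnet's rules):
    the rDNS name embeds the IP's octets or contains a client-style word."""
    digits = re.findall(r"\d+", rdns)
    return all(o in digits for o in ip.split(".")) or bool(CLIENT_WORDS.search(rdns))

def hops(raw):
    """Return [(rdns, ip), ...] for each parsable Received header, newest first."""
    found = []
    for header in message_from_string(raw).get_all("Received", []):
        m = HOP.search(header)
        if m:
            found.append((m.group(1).lower(), m.group(2)))
    return found

def flag_submitting_relay(raw):
    """Judge only the host that submitted the message to our environment."""
    path = hops(raw)
    return bool(path) and looks_dynamic(*path[0])

def flag_any_hop(raw):
    """Judge every host on the path, DNSBL-style, as the quoted text suggests."""
    return any(looks_dynamic(rdns, ip) for rdns, ip in hops(raw))

if __name__ == "__main__":
    for name, raw in (("via ISP", VIA_ISP), ("direct", DIRECT)):
        print(name, "relay-only:", flag_submitting_relay(raw),
              "any-hop:", flag_any_hop(raw))
```

On the relayed message only the any-hop check fires, which is the false positive described in the message; both checks fire when the dynamic host connects directly.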


This archive was generated by hypermail 2.1.8 : Sat Oct 27 2007 - 22:26:06 EDT

