Hosting Provided By

Re: Botnet 0.8 Plugin is available (FINALLY!!!)

From: Jerry Durand <jdurand(at)interstellar.com>
Date: Fri Sep 28 2007 - 17:52:04 EDT

At 02:31 PM 9/28/2007, John Rudd wrote:
>Consider this senario:
>
> a) user on dynamic IP sends email to their ISP's mail server
> b) ISP's mail server submits message to your mail server
>
>In your suggested processing, this would generate a false positive:
>the message would be marked as a potential botnet even though the
>message was handled in a legitimate manner (message went out through
>the ISP's mail server instead of coming _directly_ from the dynamic host).

Our mail server is on a dynamic business line, so we send through our ISPs AUTH port (and have this listed in SPF). We still get bounced mail from some servers that are scanning all the headers against things like the Zen list. For a while, Internic was bouncing mailing list digests that had posts from anyone with a dynamic address, seems they were scanning the body of the message, too!

-- 
Jerry Durand, Durand Interstellar, Inc.  www.interstellar.com
tel: +1 408 356-3886, USA toll free: 1 866 356-3886
Skype:  jerrydurand

Received on Fri Sep 28 17:53:00 2007

This message: [ Message body ]
Next message: Jari Fredriksson: "Re: Botnet 0.8 Plugin is available (FINALLY!!!)"
Previous message: JOW: "Re: Odd Memory problem: SA NOT using available memory"
In reply to: John Rudd: "Re: Botnet 0.8 Plugin is available (FINALLY!!!)"
Next in thread: Matus UHLAR - fantomas: "Re: Botnet 0.8 Plugin is available (FINALLY!!!)"
Reply: Matus UHLAR - fantomas: "Re: Botnet 0.8 Plugin is available (FINALLY!!!)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sat Oct 27 2007 - 22:36:00 EDT