
Re: Botnet 0.8 Plugin is available (FINALLY!!!)

From: Matus UHLAR - fantomas <uhlar(at)fantomas.sk>
Date: Mon Oct 01 2007 - 04:44:05 EDT


> At 02:31 PM 9/28/2007, John Rudd wrote:
> >Consider this scenario:
> >
> > a) user on dynamic IP sends email to their ISP's mail server
> > b) ISP's mail server submits message to your mail server
> >
> >In your suggested processing, this would generate a false positive:
> >the message would be marked as a potential botnet even though the
> >message was handled in a legitimate manner (message went out through
> >the ISP's mail server instead of coming _directly_ from the dynamic host).

On 28.09.07 14:52, Jerry Durand wrote:
> Our mail server is on a dynamic business line, so we send through our
> ISPs AUTH port (and have this listed in SPF). We still get bounced
> mail from some servers that are scanning all the headers against
> things like the Zen list. For a while, Internic was bouncing mailing
> list digests that had posts from anyone with a dynamic address, seems
> they were scanning the body of the message, too!

Does your provider put AUTH information into message headers? If so, those servers are certainly broken. ZEN contains IPs, like dynamic ones, that are not supposed to send mail directly, but through their SMTP server (they are in PBL, which is a subset of ZEN). The header check should stop at such headers. SA does do that.

-- 
Matus UHLAR - fantomas, 
uhlar(at)fantomas.sk ; 
http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
- Holmes, what kind of school did you study to be a detective?
- Elementary, Watson.
Received on Mon Oct 1 04:48:57 2007
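
The behaviour discussed in the message above (lookups against a PBL-style list stopping at the hop where the client authenticated to its provider), as an added example that is not part of the original post and is not SpamAssassin's code. The two sample messages, the addresses, the `PBL` set and the simplified `Received` parsing are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: dynamic client -> ISP server (authenticated) -> our MX.
RELAYED = (
    "Received: from smtp.isp.example (smtp.isp.example [198.51.100.25])\n"
    "\tby mx.example.org with ESMTP id A1; Mon, 1 Oct 2007 04:44:05 -0400\n"
    "Received: from [203.0.113.77] (dyn-77.isp.example [203.0.113.77])\n"
    "\t(authenticated bits=0) by smtp.isp.example with ESMTPA id B2;\n"
    "\tMon, 1 Oct 2007 04:44:01 -0400\n"
    "Subject: relayed through the ISP\n\nbody\n"
)
# Constructed sample: the same dynamic host delivering directly to our MX.
DIRECT = (
    "Received: from dyn-77.isp.example (dyn-77.isp.example [203.0.113.77])\n"
    "\tby mx.example.org with ESMTP id C3; Mon, 1 Oct 2007 04:50:00 -0400\n"
    "Subject: direct to MX\n\nbody\n"
)
PBL = {"203.0.113.77"}  # constructed stand-in for a PBL-style policy list

# Simplified assumption about the Received layout: "from helo (rdns [ip])".
FROM_RE = re.compile(r"from\s+\S+\s+\((?:\S+\s+)?\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")
# RFC 3848 "with" keywords for authenticated SMTP, or a sendmail-style marker.
AUTH_RE = re.compile(r"\bwith\s+E?SMTPS?A\b|\(authenticated\b", re.I)

def hops(raw):
    """Return [(client_ip, authenticated)] per Received header, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        m = FROM_RE.search(value)
        if m:
            out.append((m.group(1), bool(AUTH_RE.search(value))))
    return out

def naive_hits(raw):
    """The broken behaviour: every IP in every Received header is looked up."""
    return [ip for ip, _ in hops(raw) if ip in PBL]

def auth_aware_hits(raw):
    """Look up relays newest first and stop at the authenticated submission."""
    hits = []
    for ip, authed in hops(raw):
        if authed:
            break  # the client authenticated to its provider; go no deeper
        if ip in PBL:
            hits.append(ip)
    return hits
```

The topmost `Received` header is written by the receiving server itself, so the connecting IP is always looked up; an "authenticated" marker forged lower in the headers can only end the deeper scan, not hide a direct delivery.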

This archive was generated by hypermail 2.1.8 : Sat Oct 27 2007 - 23:54:34 EDT

