You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Noc Phibee <no...@phibee.net> on 2006/12/02 18:33:09 UTC
RelayChecker ?
Hi,
this is my RelayChecker config:
# load the plugin
loadplugin RelayChecker RelayChecker.pm
# configuration settings
relaychecker_pass_auth 0
relaychecker_reduced_dns 0
relaychecker_skip_ip ^127\.0\.0\.1$
relaychecker_skip_ip ^128\.114\.125\..*$
relaychecker_pass_ip ^10\.0\.0\..*$
relaychecker_keywords = cable catv ddns dhcp dial-?up dip dsl dynamic
modem ppp
# slightly more controversial keywords
relaychecker_keywords = client fixed pool static user
# the Rules
describe RELAY_CHECKER Any RelayChecker rule hit
meta RELAY_CHECKER ((
RELAY_CHECKER_KEYWORDS + RELAY_CHECKER_IPHOSTNAME + RELAY_CHECKER_BADDNS
+ RELAY_CHECKER_NORDNS) > 0)
score RELAY_CHECKER 6.0
describe RELAY_CHECKER_NORDNS No PTR record
header RELAY_CHECKER_NORDNS eval:relay_checker_nordns()
score RELAY_CHECKER_NORDNS 0.01
describe RELAY_CHECKER_BADDNS Doesn't have full circle DNS
header RELAY_CHECKER_BADDNS eval:relay_checker_baddns()
score RELAY_CHECKER_BADDNS 0.01
describe RELAY_CHECKER_IPHOSTNAME Hostname contains IP address
header RELAY_CHECKER_IPHOSTNAME
eval:relay_checker_iphostname()
score RELAY_CHECKER_IPHOSTNAME 0.01
describe RELAY_CHECKER_KEYWORDS Hostname matches keywords
header RELAY_CHECKER_KEYWORDS
eval:relay_checker_keywords()
score RELAY_CHECKER_KEYWORDS 0.01
i thnk's it's the default install, this value are correct or small ?
Thanks bye
Re: RelayChecker ?
Posted by John Rudd <jr...@ucsc.edu>.
Those work, but:
a) you should look at the Botnet plugin. I just posted an announcement
about it this morning. I renamed "RelayChecker" to Botnet a few weeks
ago. I've done at least one code update since then.
b) if you stick with the one you've got, remove the line that has
"128\.114\.125" in it. That's my mail server block. You don't really
need to have that in your config.
Noc Phibee wrote:
> Hi,
>
> this is my RelayChecker config:
>
>
> # load the plugin
>
> loadplugin RelayChecker RelayChecker.pm
>
>
> # configuration settings
>
> relaychecker_pass_auth 0
> relaychecker_reduced_dns 0
> relaychecker_skip_ip ^127\.0\.0\.1$
> relaychecker_skip_ip ^128\.114\.125\..*$
> relaychecker_pass_ip ^10\.0\.0\..*$
> relaychecker_keywords = cable catv ddns dhcp dial-?up dip dsl dynamic
> modem ppp
>
> # slightly more controversial keywords
> relaychecker_keywords = client fixed pool static user
>
>
> # the Rules
>
> describe RELAY_CHECKER Any RelayChecker rule hit
> meta RELAY_CHECKER ((
> RELAY_CHECKER_KEYWORDS + RELAY_CHECKER_IPHOSTNAME + RELAY_CHECKER_BADDNS
> + RELAY_CHECKER_NORDNS) > 0)
> score RELAY_CHECKER 6.0
>
> describe RELAY_CHECKER_NORDNS No PTR record
> header RELAY_CHECKER_NORDNS eval:relay_checker_nordns()
> score RELAY_CHECKER_NORDNS 0.01
>
> describe RELAY_CHECKER_BADDNS Doesn't have full circle
> DNS
> header RELAY_CHECKER_BADDNS eval:relay_checker_baddns()
> score RELAY_CHECKER_BADDNS 0.01
>
> describe RELAY_CHECKER_IPHOSTNAME Hostname contains IP
> address
> header RELAY_CHECKER_IPHOSTNAME
> eval:relay_checker_iphostname()
> score RELAY_CHECKER_IPHOSTNAME 0.01
>
> describe RELAY_CHECKER_KEYWORDS Hostname matches keywords
> header RELAY_CHECKER_KEYWORDS
> eval:relay_checker_keywords()
> score RELAY_CHECKER_KEYWORDS 0.01
>
>
>
> i thnk's it's the default install, this value are correct or small ?
>
> Thanks bye
>