Posted to users@spamassassin.apache.org by Dan Barker <db...@visioncomm.net> on 2008/01/03 22:00:06 UTC
Botnet why?
Why'd baddns hit? I'm confused.
Dan
Report:
Content analysis details: (5.9 points, 5.6 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 5.0 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.8,ip=67.104.179.147,rdns=gadental.org,maildomain=gadental.org,baddns]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 BAYES_50               BODY: Bayesian spam probability is 40 to 60%
                            [score: 0.5000]
 0.9 AWL                    AWL: From: address is in the auto white-list
Research:
Mail from some user at gadental.org
dig mx gadental.org says:
gadental.org. 86400 IN MX 10 mail.gadental.org.
mail.gadental.org. 86369 IN A 67.104.179.147
dig -x 67.104.179.147 says:
147.179.104.67.in-addr.arpa. 10253 IN PTR gadental.org.
Original Headers:
X-Envelope-From:<chandler@gadental.org
Received: from mail.gadental.org [67.104.179.147] by mail.visioncomm.net
with ESMTP
(SMTPD32-8.15) id A16054AA0026; Thu, 03 Jan 2008 15:11:12 -0500
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----_=_NextPart_001_01C84E44.C90EB46D"
Subject: FW:
Date: Thu, 3 Jan 2008 15:10:34 -0500
Message-ID: <82...@GDAMAIN.gadental.org>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Index: Acg8BiV4u1PQlxPHRNazBNw4v2rAwASPlnIA
From: "Lisa Chandler" <ch...@gadental.org>
To: "esepark@ppcsouth.com" <'esepark@ppcsouth.com'>
Cc: "Delaine Hall" <ha...@gadental.org>
RE: Botnet why?
Posted by "James E. Pratt" <jp...@norwich.edu>.
>> -----Original Message-----
>> From: Dan Barker [mailto:dbarker@visioncomm.net]
>> Sent: Thursday, January 03, 2008 4:00 PM
>> To: users@spamassassin.apache.org
>> Subject: Botnet why?
>>
>> Why'd baddns hit? I'm confused.
>>
>> Dan
>>
>> Report:
>>
>> Content analysis details: (5.9 points, 5.6 required)
>>
>> pts rule name description
>> ---- ---------------------- --------------------------------------------------
>> 5.0 BOTNET Relay might be a spambot or virusbot
Better question, why is BOTNET scoring at 5.0!!?? I will admit I have
not used it in quite some time due to many many many fp's, so perhaps
that is default, but 5.0 seems excessively high to me either way... :\
Regards,
jamie
Re: Botnet why?
Posted by Jari Fredriksson <ja...@iki.fi>.
> On 03.01.08 16:00, Dan Barker wrote:
>> Why'd baddns hit? I'm confused.
>
>> 5.0 BOTNET Relay might be a spambot or virusbot
>> [botnet0.8,ip=67.104.179.147,rdns=gadental.org,maildomain=gadental.org,baddns]
>
>> dig mx gadental.org says:
>> gadental.org. 86400 IN MX 10 mail.gadental.org.
>> mail.gadental.org. 86369 IN A 67.104.179.147
>
>
>> dig -x 67.104.179.147 says:
>> 147.179.104.67.in-addr.arpa. 10253 IN PTR gadental.org.
>
> gadental.org has address 67.18.105.136
>
> this is bad DNS...
Yes, the PTR record should be
147.179.104.67.in-addr.arpa. 10253 IN PTR mail.gadental.org.
Re: Botnet why?
Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.
On 03.01.08 16:00, Dan Barker wrote:
> Why'd baddns hit? I'm confused.
> 5.0 BOTNET Relay might be a spambot or virusbot
> [botnet0.8,ip=67.104.179.147,rdns=gadental.org,maildomain=gadental.org,baddns]
> dig mx gadental.org says:
> gadental.org. 86400 IN MX 10 mail.gadental.org.
> mail.gadental.org. 86369 IN A 67.104.179.147
> dig -x 67.104.179.147 says:
> 147.179.104.67.in-addr.arpa. 10253 IN PTR gadental.org.
gadental.org has address 67.18.105.136
this is bad DNS...
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
2B|!2B, that's a question!
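
The forward-confirmed reverse DNS check that the replies in this thread carry out by hand, as an added example (not part of the thread and not the Botnet plugin's own code). The record tables are copied from the lookups quoted above; the function names are made up for this example, and live_resolver() is an optional variant that needs network access.

```python
import socket

# Records as quoted in the thread (dig output plus the forward lookup in the replies).
THREAD_PTR = {"67.104.179.147": ["gadental.org"]}
THREAD_A = {
    "gadental.org": ["67.18.105.136"],
    "mail.gadental.org": ["67.104.179.147"],
}

def static_resolver(ptr, a):
    """Build (reverse, forward) lookup functions over fixed record tables."""
    norm = lambda n: n.rstrip(".").lower()
    a = {norm(k): v for k, v in a.items()}
    return (lambda ip: [norm(n) for n in ptr.get(ip, [])],
            lambda name: a.get(norm(name), []))

def live_resolver():
    """Same interface backed by the system resolver (needs network)."""
    def reverse(ip):
        try:
            host, aliases, _ = socket.gethostbyaddr(ip)
            return [host, *aliases]
        except OSError:
            return []
    def forward(name):
        try:
            return socket.gethostbyname_ex(name)[2]
        except OSError:
            return []
    return reverse, forward

def fcrdns(ip, reverse, forward):
    """Return (ok, detail); ok is True when some PTR name resolves back to ip."""
    names = reverse(ip)
    if not names:
        return False, "no PTR record"
    seen = {}
    for name in names:
        seen[name] = forward(name)
        if ip in seen[name]:
            return True, f"{name} -> {ip}"
    return False, "; ".join(
        f"{n} -> {', '.join(addrs) or 'no A record'}" for n, addrs in seen.items())

if __name__ == "__main__":
    rev, fwd = static_resolver(THREAD_PTR, THREAD_A)
    print(fcrdns("67.104.179.147", rev, fwd))        # PTR as published
    fixed_rev, _ = static_resolver({"67.104.179.147": ["mail.gadental.org"]}, THREAD_A)
    print(fcrdns("67.104.179.147", fixed_rev, fwd))  # PTR as suggested in the reply
```

To check a live relay instead of the quoted records, pass the pair returned by live_resolver() to fcrdns().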