You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Matthias Keller <li...@matthias-keller.ch> on 2007/04/12 06:40:06 UTC

Botnet 0.7: ipinhostname hit when no rdns

Hi

I've got a problem with botnet.
First of all, it seems to fail to resolve this IP even tough if I run 
host 194.145.123.133  on this server, it resolves correctly to
dmserver04.dannemann.com

But then it assumes the rdns is the ip itself and hits the ipinhostname
which is totally inappropriate....

[3941] dbg: Botnet: IP is '194.145.123.133'
[3941] dbg: Botnet: RDNS is '194.145.123.133'
[3941] dbg: Botnet: HELO is 'www.dannemann.com'
[3941] dbg: Botnet: IPINHOSTNAME hit

Matt