[Mimedefang] Re: $RelayHostname not matching sendmail's Received header?

John Rudd john at rudd.cc
Mon Dec 11 14:00:31 EST 2006

Scott Silva wrote:

> That is why I don't score botnet as high as the default. I want the actual
> mail content to contribute something to its being tagged.
> That way if I get a botnet hit at say 2.0, either a bayes_99 or a hit on a
> digest will send it way over. But if it hits only botnet, and nothing else, it
> can pass.

Technically, with a score of 5, the mail still passes.  It just gets 
marked as spam.  (I hope no one actually rejects/deletes/bounces spam at 
an SA score of 5 or even 6 or 7 ... that would seem to me to be a bit 
irresponsible)  The logic is "flag it for review/quarantine/segregation 
if Botnet thinks it came from a zombie".

> I would suggest that the botnet meta rule would have its name
> extended slightly, so a grep for its name doesn't hit all the botnet rules
> without having to egrep with a regex.

Hm.  What's wrong with having to egrep?

