[Mimedefang] Re: $RelayHostname not matchingsendmail's Receivedheader?
john at rudd.cc
Mon Dec 11 14:00:31 EST 2006
Scott Silva wrote:
> That is why I don't score botnet as high as the default. I want the actual
> mail content to contribute something to its being tagged.
> That way if I get a botnet hit at say 2.0, either a bayes_99 or a hit on a
> digest will send it way over. But if it hits only botnet, and nothing else, it
> can pass.
Technically, with a score of 5, the mail still passes. It just gets
marked as spam. (I hope no one actually rejects/deletes/bounces spam at
an SA score of 5 or even 6 or 7 ... that would seem to me to be a bit
irresponsible) The logic is "flag it for review/quarantine/segregation
if Botnet thinks it came from a zombie".
> I would sugjest that the botnet meta rule would have its name
> extended slightly, so a grep for its name doesn't hit all the botnet rules
> without having to egrep with a regex.
Hm. What's wrong with having to egrep?
More information about the MIMEDefang