spamassassin-users October 2010 archive
spamassassin-users: Re: Full circle DNS test?

From: Jared Hall <jhall_at_nospam>
Date: Sat Oct 30 2010 - 16:35:41 GMT
To: SpamAssassin <users@spamassassin.apache.org>

RW wrote:
> On Fri, 29 Oct 2010 22:02:56 -0400
> Darxus@ChaosReigns.com wrote:
>
>
>> I see there's a RDNS_NONE rule for when the sending IP address has no
>> DNS PTR (reverse DNS) record. But no rule for when that PTR record
>> doesn't have a matching A (forward DNS) record that matches the
>> sending IP?
>>
>
> There's one in the optional Botnet plugin, there are a couple of
> problems with it though. Its rdns lookups aren't very efficient, and
> it doesn't work for IPv6.
>
>
Ah, Paranoid mode - most useful once upon a time. I can see cases where
this might still be useful; and it's certainly better to score than to
reject outright. That said, as others on this list suggest, this
probably will never make it into the native SA development effort.

RW is correct. The Botnet.pm plugin supports this for IPv4 addresses via
the rule "BOTNET_BADDNS":

describe BOTNET_BADDNS Relay doesn't have full circle DNS
header BOTNET_BADDNS eval:botnet_baddns()
score BOTNET_BADDNS 0.0

Regards,

Jared Hall
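
Added example, not part of the original message and not Botnet.pm's code: a sketch of the full circle (forward-confirmed reverse DNS) check discussed in this thread, separating "no PTR" from "PTR does not resolve back to the sending IP". It goes beyond the thread by also comparing IPv6 addresses; the names full_circle and check_sample and the sample zone data are assumptions made up for illustration.

```python
import ipaddress
import socket

def _ptr_names(ip):
    """Real resolver: PTR names for ip (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def _forward_addrs(name):
    """Real resolver: all A and AAAA addresses for name."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def full_circle(ip, ptr_lookup=_ptr_names, fwd_lookup=_forward_addrs):
    """Classify ip as 'none' (no PTR), 'mismatch' (no PTR name resolves
    back to ip) or 'ok' (forward-confirmed reverse DNS)."""
    target = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "none"
    for name in names:
        for addr in fwd_lookup(name):
            try:
                # Compare parsed addresses so IPv6 text forms
                # (compressed vs. expanded) still match.
                if ipaddress.ip_address(addr.split("%")[0]) == target:
                    return "ok"
            except ValueError:
                continue
    return "mismatch"

# Constructed sample zone data (documentation address ranges), not real DNS.
PTR = {"192.0.2.10": ["mail.example.org"],
       "192.0.2.66": ["mail.example.org"],   # PTR claims someone else's name
       "2001:db8::25": ["mx6.example.org"]}
FWD = {"mail.example.org": ["192.0.2.10"],
       "mx6.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0025"]}

def check_sample(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return full_circle(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, []))
```

The "none" result corresponds to the case RDNS_NONE already covers; "mismatch" is the case the original question asks about.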