Re: Spam slipped

From: arni <mail(at)arni.name>
Date: Thu Jun 21 2007 - 16:23:45 EDT

Suhas Ingale schrieb:

> Any custom rules to catch this?
>
>   

without headers i cant tell but i had the same spam, so here is my report:

• 4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
• 2)
• 0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
• 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
• [Blocked - see <http://www.spamcop.net/bl.shtml?86.124.176.33>]
• 3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
• [86.124.176.33 listed in zen.spamhaus.org]
• 0.0 BOTNET_BADDNS Relay doesn't have full circle DNS
• [botnet_baddns,ip=86.124.176.33,rdns=86-124-176-033.iasi.fiberlink.ro]
• 5.0 BOTNET Relay might be a spambot or virusbot
• [botnet0.7,ip=86.124.176.33,hostname=86-124-176-033.iasi.fiberlink.ro,baddns,client,ipinhostname]
• 0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
• signs some mails
• 0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
• [botnet_ipinhosntame,ip=86.124.176.33,rdns=86-124-176-033.iasi.fiberlink.ro]
• 0.0 BOTNET_CLIENT Relay has a client-like hostname
• [botnet_client,ip=86.124.176.33,hostname=86-124-176-033.iasi.fiberlink.ro,ipinhostname]
• 0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
• [score: 0.5000]
• 0.1 RDNS_DYNAMIC Delivered to trusted network by host with
• dynamic-looking rDNS

arni Received on Thu Jun 21 16:24:23 2007