
Re: Why'd Botnet hit?

From: <bgodette(at)idcomm.com>
Date: Thu Oct 04 2007 - 16:11:50 EDT


$ host 216.117.166.139
139.166.117.216.in-addr.arpa domain name pointer nameservices.net.
$ host nameservices.net
nameservices.net has address 216.117.191.6
nameservices.net mail is handled by 10 mail.nameservices.net.
$ host mail.nameservices.net.
mail.nameservices.net has address 216.117.159.238

Reverse =/= Forward, thus it hits.

Dan Barker wrote:
> I got a message that begins:
>
> Received: from ccdnc.net [216.117.166.139] by mail.visioncomm.net with ESMTP
> (SMTPD32-8.15) id A3F2105A0058; Thu, 04 Oct 2007 14:41:54 -0400
> Received: from President [74.168.150.234] by ccdnc.net with ESMTP
> (SMTPD32-8.00) id A56C5201EE; Thu, 04 Oct 2007 14:48:12 -0400
> From: "Glenn M Gainey" <ggainey@ccdnc.net>
> ...
>
> The Report says:
>
> X-Spam-Status: Yes, score=7.2 required=5.6 tests=BAYES_80=2, BOTNET=5,
> FORGED_RCVD_HELO=0.135,HTML_90_100=0.113,HTML_MESSAGE=0.001 autolearn=no
> version=3.1.7
>
> My config says:
>
> ...
> trusted_networks 172.24.0.0/13 207.101.65.90/32
> ...
>
> dig says:
> dig -x 216.117.166.139 PTR nameservices.net.
> dig -x 74.168.150.234 PTR adsl-074-168-150-234.sip.ilm.bellsouth.net.
>
> I'm thinking maybe the rDNS lookup timed out and so Botnet didn't work
> right. I can't really see why the second received header (the DSL one) would
> even be referenced with the first received header looking legit.
>
> Thoughts?
>
> Tia
>
> Dan
>
>
Received on Thu Oct 4 16:12:46 2007
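The reverse/forward mismatch the reply points at, as an added example that is not code from this thread or from the Botnet plugin: a forward-confirmed reverse DNS check over constructed DNS tables holding the lookups quoted above, applied to the first relay outside Dan's trusted_networks. A real check would query a resolver; the tables, the Received-header regex and the function names are assumptions made for this example.

```python
import re
import ipaddress

# Constructed offline DNS tables, filled from the host/dig output quoted in the thread.
PTR_RECORDS = {"216.117.166.139": ["nameservices.net."]}
A_RECORDS = {
    "nameservices.net.": ["216.117.191.6"],
    "mail.nameservices.net.": ["216.117.159.238"],
}

# Constructed copy of the Received headers from the reported message (newest first).
RECEIVED_HEADERS = [
    "Received: from ccdnc.net [216.117.166.139] by mail.visioncomm.net with ESMTP",
    "Received: from President [74.168.150.234] by ccdnc.net with ESMTP",
]
TRUSTED_NETWORKS = ["172.24.0.0/13", "207.101.65.90/32"]

RECEIVED_RE = re.compile(r"^Received: from (\S+) \[(\d{1,3}(?:\.\d{1,3}){3})\]")

def first_untrusted_relay(headers, trusted):
    """Walk Received headers top-down and return (helo, ip) of the first relay
    whose address is not inside trusted_networks; that is the hop a relay test
    examines, so the inner DSL hop is never reached here."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    for hdr in headers:
        m = RECEIVED_RE.match(hdr)
        if m and not any(ipaddress.ip_address(m.group(2)) in n for n in nets):
            return m.group(1), m.group(2)
    return None

def fcrdns(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Forward-confirmed reverse DNS: the IP's PTR name(s) must resolve back
    to that same IP. Returns (confirmed, ptr_names, forward_ips)."""
    names = ptr.get(ip, [])
    forward = sorted({addr for n in names for addr in a.get(n, [])})
    return ip in forward, names, forward

def check_message(headers=RECEIVED_HEADERS, trusted=TRUSTED_NETWORKS):
    """Explain whether the examined relay's reverse and forward DNS agree."""
    relay = first_untrusted_relay(headers, trusted)
    if relay is None:
        raise ValueError("no untrusted relay found in Received headers")
    helo, ip = relay
    ok, names, forward = fcrdns(ip)
    return {"relay_ip": ip, "helo": helo, "ptr": names, "forward": forward,
            "fcrdns_ok": ok,
            # HELO differing from the PTR name is the other inconsistency in the report
            "helo_matches_ptr": helo.rstrip(".") + "." in names}

if __name__ == "__main__":
    for key, value in check_message().items():
        print(f"{key}: {value}")
```

For 216.117.166.139 the PTR is nameservices.net. but that name forwards to 216.117.191.6, so fcrdns_ok is False, which is the "Reverse =/= Forward" condition the reply describes.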

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 04:20:01 EDT

