spamassassin-users mailing list archives

From "Dan Barker" <dbar...@visioncomm.net>
Subject Why'd Botnet hit?
Date Thu, 04 Oct 2007 19:06:56 GMT
I got a message that begins:

Received: from ccdnc.net [216.117.166.139] by mail.visioncomm.net with ESMTP
  (SMTPD32-8.15) id A3F2105A0058; Thu, 04 Oct 2007 14:41:54 -0400
Received: from President [74.168.150.234] by ccdnc.net with ESMTP
  (SMTPD32-8.00) id A56C5201EE; Thu, 04 Oct 2007 14:48:12 -0400
From: "Glenn M Gainey" <ggainey@ccdnc.net>
... 

The Report says:

X-Spam-Status: Yes, score=7.2 required=5.6 tests=BAYES_80=2, BOTNET=5,
FORGED_RCVD_HELO=0.135,HTML_90_100=0.113,HTML_MESSAGE=0.001 autolearn=no
version=3.1.7

My config says:

...
trusted_networks 172.24.0.0/13 207.101.65.90/32 
...

dig says:
 dig -x 216.117.166.139  PTR     nameservices.net.
 dig -x 74.168.150.234   PTR     adsl-074-168-150-234.sip.ilm.bellsouth.net.

I'm thinking maybe the rDNS lookup timed out and so Botnet didn't work
right. I can't really see why the second received header (the DSL one) would
even be referenced with the first received header looking legit.

Thoughts?

TIA

Dan
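A way to lay out the facts in the post side by side: which relay is the first one outside `trusted_networks`, and whether each relay's PTR name embeds its own IP. This is an added example, not part of the original message and not code from SpamAssassin or the Botnet plugin; the trust test is a simplification of SpamAssassin's trust-path logic, `ip_in_ptr` is a hypothetical heuristic, and the PTR names are the ones the post reports from dig.

```python
import ipaddress
import re

# Values copied from the post; PTR answers are the ones dig returned there.
HEADERS = """\
Received: from ccdnc.net [216.117.166.139] by mail.visioncomm.net with ESMTP
  (SMTPD32-8.15) id A3F2105A0058; Thu, 04 Oct 2007 14:41:54 -0400
Received: from President [74.168.150.234] by ccdnc.net with ESMTP
  (SMTPD32-8.00) id A56C5201EE; Thu, 04 Oct 2007 14:48:12 -0400
"""
TRUSTED = [ipaddress.ip_network(n) for n in ("172.24.0.0/13", "207.101.65.90/32")]
PTR = {
    "216.117.166.139": "nameservices.net.",
    "74.168.150.234": "adsl-074-168-150-234.sip.ilm.bellsouth.net.",
}
RECEIVED = re.compile(r"^Received: from (\S+) \[([\d.]+)\] by (\S+)")


def parse_relays(raw):
    """Return relays newest-first as dicts with helo, ip and by."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)  # join folded header lines
    matches = (RECEIVED.match(line) for line in unfolded.splitlines())
    return [dict(zip(("helo", "ip", "by"), m.groups())) for m in matches if m]


def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED)


def first_untrusted(relays):
    """Simplified boundary: first hop, newest-first, outside trusted_networks."""
    return next((r for r in relays if not is_trusted(r["ip"])), None)


def ip_in_ptr(ip, ptr):
    """Hypothetical heuristic: at least two octets of ip appear in the PTR name."""
    numbers = set(re.findall(r"\d+", ptr))
    return sum(o in numbers or o.zfill(3) in numbers for o in ip.split(".")) >= 2


def report(raw=HEADERS):
    """One (ip, is_first_untrusted, ip_embedded_in_ptr) tuple per relay."""
    relays = parse_relays(raw)
    edge = first_untrusted(relays)
    return [(r["ip"], r is edge, ip_in_ptr(r["ip"], PTR[r["ip"]])) for r in relays]


if __name__ == "__main__":
    print(report())
```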

