[Assp-test] Trying to block fake linkedin messages

Wed, 21 Mar 2012 08:34:48 -0700 

My users are getting flooded with fake linkedin messages.  I ran the message 
and header through the analyzer and got the info below.  Can someone advise on 
what I need to adjust to trap these?

Some notes, netdorm.com is a mail host I use to buffer incoming mail (so I 
trust it) - but there is no way this email originated from linkedin.  How 
should assp be trapping this?  Am I missing a setting?

Thanks!


using enhanced Originated IP detection
•detected IP's on the mail routing way: 135.137.233.112<javascript:void(0);>(no 
PTR), 189.60.154.69<javascript:void(0);>(no PTR)
•detected source IP: 135.137.233.112<javascript:void(0);>

sender and reply addresses:
MAIL FROM: muttere...@linkedin.com<javascript:void(0);> From: 
muttere...@linkedin.com<javascript:void(0);>

recipient addresses:
To:  (My address)

Feature Matching:

• 67.214.161.138<javascript:void(0);> is in SPFCache: status=softfail with 
helo=smtp2.netdorm.com
• SPF-check returned OK for 67.214.161.138<javascript:void(0);> -> 
muttere...@linkedin.com<javascript:void(0);>, smtp2.netdorm.com
• URIBL check<http://mail.ocg.ca:55555/#ValidateURIBL>: 'OK'
• Valid Format of HELO<http://mail.ocg.ca:55555/#DoValidFormatHelo>: 
'smtp2.netdorm.com'
• IP 67.214.161.138<javascript:void(0);> is in noPB 
IPs<http://mail.ocg.ca:55555/#noPB> (67.214.161.0<javascript:void(0);>/24)
• 135.137.233.112<javascript:void(0);> is in RBLCache: inserted as ok at 
2012-03-21 10:53:02
• 189.60.154.69<javascript:void(0);> is in RBLCache: inserted as ok at 
2012-03-21 10:53:03
• domain linkedin.com has valid MXA record: mail-b.linkedin.com 
64.74.98.16<javascript:void(0);>
• 67.214.161.138<javascript:void(0);> is in PTRCache: status=PTR OK - 
mr2.netdorm.com
• 67.214.161.0<javascript:void(0);> has a Griplist value of 0.8
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here 
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test

Reply via email to