Many of these (on my system) are being detected by SURBL and DBL Tom
On Mar 21, 2012, at 11:21 AM, Michelle Dupuis wrote: > My users are getting flooded with fake linkedin messages. I ran the message > and header through the analyzer and got the info below. Can someone advise > on what I need to adjust to trap these? > > Some notes, netdorm.com is a mail host I use to buffer incoming mail (so I > trust it) - but there is no way this email originated from linkedin. How > should assp be trapping this? Am I missing a setting? > > Thanks! > > > using enhanced Originated IP detection > •detected IP's on the mail routing way: > 135.137.233.112<javascript:void(0);>(no PTR), > 189.60.154.69<javascript:void(0);>(no PTR) > •detected source IP: 135.137.233.112<javascript:void(0);> > > sender and reply addresses: > MAIL FROM: muttere...@linkedin.com<javascript:void(0);> From: > muttere...@linkedin.com<javascript:void(0);> > > recipient addresses: > To: (My address) > > Feature Matching: > > • 67.214.161.138<javascript:void(0);> is in SPFCache: status=softfail with > helo=smtp2.netdorm.com > • SPF-check returned OK for 67.214.161.138<javascript:void(0);> -> > muttere...@linkedin.com<javascript:void(0);>, smtp2.netdorm.com > • URIBL check<http://mail.ocg.ca:55555/#ValidateURIBL>: 'OK' > • Valid Format of HELO<http://mail.ocg.ca:55555/#DoValidFormatHelo>: > 'smtp2.netdorm.com' > • IP 67.214.161.138<javascript:void(0);> is in noPB > IPs<http://mail.ocg.ca:55555/#noPB> (67.214.161.0<javascript:void(0);>/24) > • 135.137.233.112<javascript:void(0);> is in RBLCache: inserted as ok at > 2012-03-21 10:53:02 > • 189.60.154.69<javascript:void(0);> is in RBLCache: inserted as ok at > 2012-03-21 10:53:03 > • domain linkedin.com has valid MXA record: mail-b.linkedin.com > 64.74.98.16<javascript:void(0);> > • 67.214.161.138<javascript:void(0);> is in PTRCache: status=PTR OK - > mr2.netdorm.com > • 67.214.161.0<javascript:void(0);> has a Griplist value of 0.8 > ------------------------------------------------------------------------------ > This SF email is sponsosred by: > Try Windows Azure free for 90 days Click Here > http://p.sf.net/sfu/sfd2d-msazure > _______________________________________________ > Assp-test mailing list > Assp-test@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/assp-test ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
