A very similar scenario happened on our domain:
-----[Initial delayed session]-----
Nov-24-06 12:23:23 Connected: 91.64.187.125:4651 -> 10.11.12.13:25 ->
127.0.0.1:125
Nov-24-06 12:23:23 91.64.187.125 <[EMAIL PROTECTED]> adding new
triplet: [EMAIL PROTECTED])
Nov-24-06 12:23:23 91.64.187.125 <[EMAIL PROTECTED]> recipient
delayed: [EMAIL PROTECTED]
Nov-24-06 12:23:24 91.64.187.125 <[EMAIL PROTECTED]> is disconnected
-----[Waited 15 minutes, rejected for HELO]-----
Nov-24-06 12:38:26 Connected: 91.64.187.125:3748 -> 10.11.12.13:25 ->
127.0.0.1:125
Nov-24-06 12:38:26 91.64.187.125 <[EMAIL PROTECTED]> whitelisting
triplet: [EMAIL PROTECTED]) waited: 15m 3s
Nov-24-06 12:38:26 91.64.187.125 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] recipient accepted: [EMAIL PROTECTED]
Nov-24-06 12:38:27 PB: 91.64.187.125 score: 0+20 => 20 reason:
91.64.187.125:InvalidHelo
Nov-24-06 12:38:27 91.64.187.125 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] Validate Sender: Invalid HELO Format 'ymqubba' ->
d:\assp/corpus/spam/8572.eml
Nov-24-06 12:38:27 91.64.187.125 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] deleting spamming whitelisted tuplet: (91.64.187.0,
emf780.den.mmc.com) age: 1s
Nov-24-06 12:38:27 91.64.187.125 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] is disconnected
-----[Second delayed session, immeadiately following previous
rejection]-----
Nov-24-06 12:38:29 Connected: 91.64.187.125:3756 -> 10.11.12.13:25 ->
127.0.0.1:125
Nov-24-06 12:38:29 91.64.187.125 <[EMAIL PROTECTED]> adding new
triplet: [EMAIL PROTECTED])
Nov-24-06 12:38:29 91.64.187.125 <[EMAIL PROTECTED]> recipient
delayed: [EMAIL PROTECTED]
Nov-24-06 12:38:29 91.64.187.125 <[EMAIL PROTECTED]> is disconnected
-----[Waiting 15 minutes, rejected but not by HELO check]-----
Nov-24-06 12:53:36 Connected: 91.64.187.125:2433 -> 10.11.12.13:25 ->
127.0.0.1:125
Nov-24-06 12:53:36 91.64.187.125 <[EMAIL PROTECTED]> whitelisting
triplet: [EMAIL PROTECTED]) waited: 15m 7s
Nov-24-06 12:53:36 91.64.187.125 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] recipient accepted: [EMAIL PROTECTED]
Nov-24-06 12:53:36 91.64.187.125 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] Received-SPF: neutral (ASSP-nospam: local policy) client-ip=
91.64.187.125; [EMAIL PROTECTED]; helo=mrhl;
Nov-24-06 12:53:36 Commencing RBL checks on 91.64.187.125
Nov-24-06 12:53:36 91.64.187.125 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] Received-RBL: fail (ASSP-nospam: local policy) rbl=
zen.spamhaus.org; client-ip=91.64.187.125;
Nov-24-06 12:53:36 RBLCache: adding 91.64.187.125:zen.spamhaus.org
Nov-24-06 12:53:36 91.64.187.125 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] failed RBL checks -> d:\assp/corpus/spam/9490.eml
Nov-24-06 12:53:36 91.64.187.125 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] deleting spamming whitelisted tuplet: (91.64.187.0,
emf780.den.mmc.com) age: 0s
Nov-24-06 12:53:36 91.64.187.125 <[EMAIL PROTECTED]> to:
[EMAIL PROTECTED] is disconnected
Nov-24-06 12:53:38 Connected: 91.64.187.125:2439 -> 10.11.12.13:25 ->
127.0.0.1:125
Nov-24-06 12:53:39 91.64.187.125 <[EMAIL PROTECTED]> adding new
triplet: [EMAIL PROTECTED])
Nov-24-06 12:53:39 91.64.187.125 <[EMAIL PROTECTED]> recipient
delayed: [EMAIL PROTECTED]
Nov-24-06 12:53:39 91.64.187.125 <[EMAIL PROTECTED]> is disconnected
Nov-24-06 13:08:41 Connected: 91.64.187.125:3462 -> 10.11.12.13:25 ->
127.0.0.1:125
Nov-24-06 13:08:41 91.64.187.125 <[EMAIL PROTECTED]> RBLCache: -
91.64.187.125 blocked by zen.spamhaus.org (06-11-24/12:53)
Nov-24-06 13:08:41 91.64.187.125 <[EMAIL PROTECTED]> is disconnected
Nov-24-06 13:23:45 Connected: 91.64.187.125:4189 -> 10.11.12.13:25 ->
127.0.0.1:125
Nov-24-06 13:23:45 91.64.187.125 <[EMAIL PROTECTED]> RBLCache: -
91.64.187.125 blocked by zen.spamhaus.org (06-11-24/12:53)
Nov-24-06 13:23:45 91.64.187.125 <[EMAIL PROTECTED]> is disconnected
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
