> From: Bart Dumon <[email protected]> > 1.3.29 has dnswl medium (127.0.x.2) removed, is there any specific > reason for this? Chance of > false positives? btw, very welcome addition, thanks!
I saw unmitigated spam with an envelope Mail_From value of [email protected] from 64.18.2.218. 218.2.18.64.list.dnswl.org=127.0.5.2 These were the headers from the dccm log file. (As an asside, notice the non-standard, not in RFC 5321 or RFC 5322, "Reinject" field. I've converted the From: and Subject: fields so they won't be 8-bit.) Received: from exprod7ob116.obsmtp.com (exprod7ob116.obsmtp.com [64.18.2.218]) by calcite.rhyolite.com (8.14.4/8.14.4) with SMTP id o6VN8bcZ093570 for <[email protected]> env-from <[email protected]>; Sat, 31 Jul 2010 23:08:38 GMT Reinject: from source ([71.174.102.163]) (using TLSv1) by exprod7ob116.postini.com ([64.18.6.12]) with SMTP ID DSNKTFSs7lOm0KxC+/[email protected]; Sat, 31 Jul 2010 16:08:37 PDT Reinject: from exprod7og114.obsmtp.com (64.18.2.214) by SMGEXCHANGE.SVMGilmore.com (10.0.116.10) with Microsoft SMTP Server id 14.0.639.21; Sat, 31 Jul 2010 15:26:04 -0400 Received: from source ([71.174.102.163]) (using TLSv1) by exprod7ob114.postini.com ([64.18.6.12]) with SMTP ID [email protected]; Sat, 31 Jul 2010 12:23:00 PDT Received: from 71.174.102.163 (220.173.136.75) by SMGEXCHANGE.SVMGilmore.com (10.0.116.10) with Microsoft SMTP Server id 14.0.639.21; Sat, 31 Jul 2010 13:02:46 -0400 Received: from 202.144.213.90 by 220.173.136.75; Thu, 05 Aug 2010 11:00:52 -0600 Message-ID: <[email protected]> From: "\xa7K\xc0\xa3\xa7K\xabO\xa1A\xa7Y\xa5i\xbf\xec\xa1A" <[email protected] To: <[email protected]> Subject: \xa5i\xa4\xc0\xaa\xf8\xb5u\xb4\xc1\xa8\xcf\xa5\xce\xa1C Date: Thu, 5 Aug 2010 20:02:52 +0300 X-Mailer: The Bat! (v1.52f) Business MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--387527121111132" X-Priority: 1 X-MSMail-Priority: High X-DCC-Rhyolite-Metrics: calcite.rhyolite.com; whitelist I also noticed that 207.171.164.40 is listed at 40.164.171.207.list.dnswl.org=127.0.14.2, but I have seen unsolicited bulk advertising email from Amazon within the last 12 months. Vernon Schryver [email protected] _______________________________________________ DCC mailing list [email protected] http://www.rhyolite.com/mailman/listinfo/dcc
