I don't have that specific one, but here is another one.. I have been
getting pounded with this all day - this is way out of the norm. Only thing
that has changed on this server is Declude 3.0 went on yesterday.
This one came from 66.148.169.235 - ARIN says
OrgName: NuVox Communications, Inc.
OrgID: NUVOX
Address: 301 N Main Street
Address: Suite 5000
City: Greenville
StateProv: SC
PostalCode: 29601
Country: US
Declude says -> Line 221 (Weight 5) which is this line
COUNTRIES 5 CONTAINS TW
Received: from cpsxch1.colemanprof.com [66.148.169.235] by
mail1.gannett-tv.com with ESMTP
(SMTPD32-8.13) id A08586105E8; Tue, 27 Sep 2005 15:41:57 -0400
Importance: normal
Priority: normal
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: base64
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
Subject: FW: MC'ing an Educator of the Year event in Portage County
Date: Tue, 27 Sep 2005 15:41:00 -0400
Message-ID:
<[EMAIL PROTECTED]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: MC'ing an Educator of the Year event in Portage County
thread-index: AcXDmS1cQjIFkAV3RkG55oCy8k1bpQAAjLAi
From: "Rochelle Fisher" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
X-RBL-Warning: COUNTRY: Message failed COUNTRY test (line 221, weight 5)
X-RBL-Warning: HELOBOGUS: Domain cpsxch1.xxxxxxxx.com has no MX or A records
[0301].
X-RBL-Warning: BASE64: A binary encoded text or HTML section was found in
this E-mail.
X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command.
X-Declude-Sender: [EMAIL PROTECTED] [66.148.169.235]
X-Declude-Spoolname: Da085086105e8ef78.smd
X-Spam-Tests-Failed: POSTMASTER, COUNTRY, HELOBOGUS, BASE64, CMDSPACE
X-Spam-Weight: -36
Status: U
X-UIDL: 395171064
Nick Hayer writes:
Well this is more of a question than a stab -
Can we see the full header? Yesterday I had something very similar -
email from Venezuela but the ip was registered in Virginian according to
Arin.
-Nick
Darrell ([EMAIL PROTECTED]) wrote:
Anyone want to take a stab at this one I would appreciate it.
216.55.166.147 - IPWHOIS Says its being used in San Diego CA
Declude via Countries Test Reports
09/27/2005 14:58:39.015 q96320ffe0578da59.smd Msg failed COUNTRY (Message
failed COUNTRY test (line 15, weight 5)). Action=WARN.
Line 15: is the country "AR"
The message was directly send from 216.55.166.147 so there were no other
hops in the message in case it caught it in the country chain.
It's just really weird as I am getting all kinds of messages that are
legit seemingly get triggered on the country and mailfrom test..
Any thoughts?
Darrell
------------------------------------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration,
MRTG Integration, and Log Parsers.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
------------------------------------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude And
Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG
Integration, and Log Parsers.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
