One of my IMGates has received this error, which was not covered by the matches in spam-stats.pl (and this is the first time I've seen this error):

Dec 27 16:12:12 mx1 postfix/smtpd[19193]: 608DF2A889: reject: RCPT from 69-162-204-176.bflony.adelphia.net[69.162.204.176]: 501 <[filename /home/admin/domains.txt]>: Helo command rejected: invalid ip address; from=<[EMAIL PROTECTED] /home/admin/domains.txt]> to=<[EMAIL PROTECTED]> proto=SMTP helo=<[filename /home/admin/domains.txt]>

Over 500 rejects like this, from about 270 distinct IPs.

The helo_hostnames.regexp DUNNOs "domain literal" of [ip.ad.re.ss], but the spamware originating it is buggy or set up wrong. It appears that the HELO hostname and FROM @sender.domain are to be forged by taking them from a file domains.txt. :))

What's interesting is that 270 machines have the same never-seen error on the same day. They probably have some kind of RAT infection and the master machine has given all of the RATted machines bad info.

Len
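
Added example (not part of the original post and not code from spam-stats.pl): a Python tally of this reject type, counting the rejects, the distinct client IPs and the bogus HELO strings. The regex, the function names and the sample lines (documentation addresses, example.* domains) are constructed for illustration and assume the log layout quoted in the post.

```python
import ipaddress
import re
from collections import Counter

# Postfix smtpd reject line, in the layout of the entry quoted in the post.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: \w+: reject: RCPT from \S+?\[(?P<ip>[^\]]+)\]: "
    r"\d{3} .*?Helo command rejected: (?P<reason>[^;]+);"
    r".* helo=<(?P<helo>.*)>\s*$"
)

def is_valid_literal(helo):
    """True if helo is a well-formed [address] domain literal."""
    if not (helo.startswith("[") and helo.endswith("]")):
        return False
    inner = helo[1:-1]
    if inner.lower().startswith("ipv6:"):
        inner = inner[5:]
    try:
        ipaddress.ip_address(inner)
        return True
    except ValueError:
        return False

def summarize(lines):
    """Return (rejects, distinct client IPs, Counter of bogus HELO strings)."""
    rejects, clients, helos = 0, set(), Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m or m["reason"].strip() != "invalid ip address":
            continue  # some other reject, or not a reject line at all
        if is_valid_literal(m["helo"]):
            continue  # a real [ip.ad.re.ss] literal is not the pattern we want
        rejects += 1
        clients.add(m["ip"])
        helos[m["helo"]] += 1
    return rejects, len(clients), helos

def sample_line(ip, code, helo, reason):  # builds one constructed log line
    return (f"Dec 27 16:12:12 mx1 postfix/smtpd[19193]: 608DF2A889: reject: RCPT "
            f"from host.example.net[{ip}]: {code} <{helo}>: Helo command rejected: "
            f"{reason}; from=<a@example.org> to=<b@example.com> proto=SMTP helo=<{helo}>")

BOGUS = "[filename /home/admin/domains.txt]"
SAMPLE = [sample_line("192.0.2.10", 501, BOGUS, "invalid ip address"),
          sample_line("192.0.2.10", 501, BOGUS, "invalid ip address"),
          sample_line("198.51.100.7", 501, BOGUS, "invalid ip address"),
          sample_line("203.0.113.5", 504, "localhost", "need fully-qualified hostname")]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Grouping by HELO string rather than by client shows when many unrelated IPs present the same malformed value on the same day.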
