This does not appear to be the behavior of a legitimate MTA: 20:28:56 1 SMTP-889([24.14.235.89]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org" 20:28:56 1 SMTP-890([24.14.235.89]) SPAM? Host is blacklisted per RBL sbl-xbl.spamhaus.org with result [127.0.0.4] 20:28:57 1 SMTP-890([24.14.235.89]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org" 20:28:57 1 SMTP-891([24.14.235.89]) SPAM? Host is blacklisted per RBL sbl-xbl.spamhaus.org with result [127.0.0.4] 20:28:57 1 SMTP-891([24.14.235.89]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org" 20:28:57 1 SMTP-892([24.14.235.89]) SPAM? Host is blacklisted per RBL sbl-xbl.spamhaus.org with result [127.0.0.4] 20:28:58 1 SMTP-892([24.14.235.89]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org" 20:28:58 1 SMTP-893([24.14.235.89]) SPAM? Host is blacklisted per RBL sbl-xbl.spamhaus.org with result [127.0.0.4] 20:28:58 1 SMTP-893([24.14.235.89]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org" 20:28:58 1 SMTP-894([24.14.235.89]) SPAM? Host is blacklisted per RBL sbl-xbl.spamhaus.org with result [127.0.0.4] 20:28:59 1 SMTP-894([24.14.235.89]) SPAM? Recipient '<[EMAIL PROTECTED]>' rejected: sending host is blacklisted, "sbl-xbl.spamhaus.org"
[EMAIL PROTECTED] replaces the actual recipient but the recipient is the same in all instances. IOW, six simultaneous connections from the same IP address to send to the same recipient. Looks like a spambot to me. Probably a good reason it's in sbl-xbl. Or could this be legit? 24.14.235.89 is c-24-14-235-89.hsd1.il.comcast.net. ############################################################# This message is sent to you because you are subscribed to the mailing list <[email protected]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
