Would appreciate some clarification of the first-hop lookup rules for blacklists.
This one is a valid mail from a Hotmail account, and it nearly got hammered (I've xxxxxxxx'd out all private info).
Shouldn't 200.78.33.237 be treated as the first hop (originating host)
and therefore not trigger in all those blacklists?


Thanks,
keith.


PROBLEM MESSAGE FOLLOWS:

Return-Path: <[EMAIL PROTECTED]>
Received: from hotmail.com (bay2-f170.bay2.hotmail.com [65.54.247.170])
        by xxxxxxxxxxxxxxxxxxx (8.12.11/8.12.11) with ESMTP id i46IWnSi008992
        for <xxxxxxxxxxxxxxxxxxxxx>; Thu, 6 May 2004 19:32:49 +0100
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
         Thu, 6 May 2004 11:32:43 -0700
Received: from 200.78.33.237 by by2fd.bay2.hotmail.msn.com with HTTP;
        Thu, 06 May 2004 18:32:42 GMT
X-Originating-IP: [200.78.33.237]
X-Originating-Email: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
From: "xxxxxxxxxxx" <[EMAIL PROTECTED]>
To: xxxxxxxxxxxxxxxxxxxxxx
Subject: ** SPAM? (6.522) xxxxxxxxxxxxxxxxx **
Date: Thu, 06 May 2004 18:32:42 +0000
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_1083868372-7696-6"
Message-ID: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 06 May 2004 18:32:43.0210 (UTC) FILETIME=[84F7E2A0:01C43398]
X-Spam-Score: 6.522 (******) HTML_MESSAGE,MIME_HTML_NO_CHARSET,MIME_HTML_ONLY,RCVD_IN_DSBL,RCVD_IN_NJABL,RCVD_IN_NJABL_PROXY,RCVD_IN_SORBS,RCVD_IN_SORBS_HTTP,RCVD_IN_SORBS_MISC,RCVD_IN_SORBS_SOCKS
X-Spam-Level: ******
X-Scanned-By: MIMEDefang 2.42

This is a multi-part message in MIME format...

------------=_1083868372-7696-6
Content-Type: text/html
Content-Disposition: inline

<html>
[ ...
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ...]
</html>


------------=_1083868372-7696-6
Content-Type: text/plain; name="SpamAssassinReport.txt"
Content-Disposition: inline; filename="SpamAssassinReport.txt"
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)

Spam detection software, running on the system "xxxxxxxxxxxxxxx", has
identified this incoming email as possible spam.  The original message
has been attached to this so you can view it (if it isn't spam) or block
similar future email.  If you have any questions, see
the administrator of that system for details.

Content analysis details:   (6.5 points, 9.0 required)

pts rule name              description
---- ---------------------- --------------------------------------------------
0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE           BODY: HTML included in message
0.7 MIME_HTML_NO_CHARSET   RAW: Message text in HTML without charset
1.1 RCVD_IN_SORBS_HTTP     RBL: SORBS: sender is open HTTP proxy server
                           [200.78.33.237 listed in dnsbl.sorbs.net]
1.1 RCVD_IN_SORBS_MISC     RBL: SORBS: sender is open proxy server
                           [200.78.33.237 listed in dnsbl.sorbs.net]
0.1 RCVD_IN_SORBS          RBL: SORBS: sender is listed in SORBS
                           [200.78.33.237 listed in dnsbl.sorbs.net]
0.1 RCVD_IN_NJABL          RBL: Received via a relay in dnsbl.njabl.org
                           [200.78.33.237 listed in dnsbl.njabl.org]
1.1 RCVD_IN_DSBL           RBL: Received via a relay in list.dsbl.org
                           [<http://dsbl.org/listing?ip=200.78.33.237>]
1.1 RCVD_IN_NJABL_PROXY    RBL: NJABL: sender is an open proxy
                           [200.78.33.237 listed in dnsbl.njabl.org]
1.1 RCVD_IN_SORBS_SOCKS    RBL: SORBS: sender is open SOCKS proxy server
                           [200.78.33.237 listed in dnsbl.sorbs.net]



------------=_1083868372-7696-6--
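
Added example, not part of the original post and not SpamAssassin's own code: it walks the Received chain of the message above oldest-first, showing that 200.78.33.237 (the address in every RBL line of the report) is the earliest hop, handed to Hotmail over HTTP, while 65.54.247.170 is the relay that delivered to the recipient's server. The function names are hypothetical, and the code says nothing about which hops SpamAssassin's rules exempt.

```python
import re
from email import message_from_string

# Received headers copied from the message in the post (recipient host is x'd out there).
RAW = """\
Received: from hotmail.com (bay2-f170.bay2.hotmail.com [65.54.247.170])
        by xxxxxxxxxxxxxxxxxxx (8.12.11/8.12.11) with ESMTP id i46IWnSi008992
        for <xxxxxxxxxxxxxxxxxxxxx>; Thu, 6 May 2004 19:32:49 +0100
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
         Thu, 6 May 2004 11:32:43 -0700
Received: from 200.78.33.237 by by2fd.bay2.hotmail.msn.com with HTTP;
        Thu, 06 May 2004 18:32:42 GMT
X-Originating-IP: [200.78.33.237]

"""
REPORT_LISTED_IP = "200.78.33.237"  # address named in every RBL line of the report

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def received_hops(raw):
    """Return hops oldest-first: sender IP (or None), receiving host, protocol."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # headers are newest-first
        value = " ".join(value.split())                  # unfold continuation lines
        clause = value.split(";", 1)[0]                  # drop the timestamp
        frm = re.search(r"\bfrom (.*?)(?= by |$)", clause)
        by = re.search(r"\bby (\S+)", clause)
        via = re.search(r"\bwith (\S+)", clause)
        # Look for the IP only in the "from" clause, so MTA version strings
        # such as (8.12.11/8.12.11) in the "by" clause are never picked up.
        ip = IPV4.search(frm.group(1)) if frm else None
        hops.append({"ip": ip.group(1) if ip else None,
                     "by": by.group(1) if by else None,
                     "with": via.group(1) if via else None})
    return hops

def split_first_hop(raw):
    """Return (earliest hop IP, list of later relay IPs); hops without an IP are skipped."""
    with_ip = [h["ip"] for h in received_hops(raw) if h["ip"]]
    return (with_ip[0] if with_ip else None), with_ip[1:]

if __name__ == "__main__":
    first, later = split_first_hop(RAW)
    print("first hop:", first, "| later relays:", later)
    print("RBL-listed address is the first hop:", first == REPORT_LISTED_IP)
```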


