Just had a compromised account on one of my customer's mail servers
(96.4.156.21) try to blast out phishing email. This 96.4 IP is our
customer space so it's in my trusted_networks since it will not forge
the Received header.
The 88.233 IP is from Turkey (88.233.47.16.dynamic.ttnet.com.tr) and
should have triggered a number of rules based on the RelayCountry plugin.
This email should not have hit ALL_TRUSTED and should have done
RelayCountry and ASN lookups on 88.233.47.16.
Received: from mail.lced.net (mail.lced.net [96.4.156.2])
by smtp5i.ena.net (Postfix) with ESMTP id DF9421480F90
for <brookeandj...@eastlink.ca>; Thu, 4 Jul 2019 12:56:42 -0500 (CDT)
Received: from 192.168.1.2 (unknown [88.233.47.16])
by mail.lced.net (Postfix) with ESMTPA id 8F22630961D6D
for <brookeandj...@eastlink.ca>; Thu, 4 Jul 2019 12:56:40 -0500 (CDT)
--
David Jones
