I have an address which has its MX in an external trusted network, which then 
hands it over to my own server.

Headers:

Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost [127.0.0.1])
 by pena.example.com (Postfix) with ESMTP id 7444190C
 for <[EMAIL PROTECTED]>; Mon,  2 Jul 2007 05:10:28 +0300 (EEST)
*** RELAY#2: BELOW IS MY SERVER GETTING THE MESSAGE FROM A TRUSTED MIDDLE MAN 
***
Received: from ainavaan.iki.fi (ainavaan.iki.fi [212.16.98.51])
 by pena.example.com (Postfix) with ESMTP id 1754F7EA
 for <[EMAIL PROTECTED]>; Mon,  2 Jul 2007 05:10:27 +0300 (EEST)
*** RELAY#1: BELOW IS THE TRUSTED MIDDLE MAN RECEIVING THE MESSAGE FROM A 
SPAMBOT ***
Received: from 125-25-91-188.adsl.totbb.net (125-25-91-188.adsl.totbb.net 
[125.25.91.188])
 by ainavaan.iki.fi (8.13.8/8.13.8) with ESMTP id l622AAka001719;
 Mon, 2 Jul 2007 05:10:13 +0300 (EEST)
Received: from 212.37.195.89 (HELO mailsmtp4.internet-fr.net)
     by iki.fi with esmtp (DT;53H-O/,>) 3.B4AV)
     id A4XV3A-4+B/6O-KU
     for [EMAIL PROTECTED]; Mon, 2 Jul 2007 02:08:05 -0700
Date:  Mon, 2 Jul 2007 02:08:05 -0700
From: "Marquis Benson" <[EMAIL PROTECTED]>
X-Mailer: The Bat! (v3.0.1.33) UNREG / CD5BF9353B3B7091
X-Priority: 3 (Normal)
Message-ID: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Get out of the obese crowd
MIME-Version: 1.0
Content-Type: multipart/alternative;
  boundary="----------67109D3E5409DA37"
X-Spam: Not detected


Problem:

Botnet evaluates the server "ainavaan.iki.fi" and as it finds it trusted it 
drops the case. No BOTNET rules are triggered.

If I edit the "trusted middleman" out of the headers, 

Return-Path: <[EMAIL PROTECTED]>
X-Original-To: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: from localhost (localhost [127.0.0.1])
 by pena.example.com (Postfix) with ESMTP id 7444190C
 for <[EMAIL PROTECTED]>; Mon,  2 Jul 2007 05:10:28 +0300 (EEST)
Received: from 125-25-91-188.adsl.totbb.net (125-25-91-188.adsl.totbb.net 
[125.25.91.188])
 by pena.example.com (Postfix) with ESMTP id 1754F7EA
 for <[EMAIL PROTECTED]>; Mon,  2 Jul 2007 05:10:27 +0300 (EEST)
Received: from 212.37.195.89 (HELO mailsmtp4.internet-fr.net)
     by iki.fi with esmtp (DT;53H-O/,>) 3.B4AV)
     id A4XV3A-4+B/6O-KU
     for [EMAIL PROTECTED]; Mon, 2 Jul 2007 02:08:05 -0700

then Botnet "sees" 125-25-91-188.adsl.totbb.net and triggers BOTNET rules 
correctly.


Can I fix this problem somehow with configuration, or does it need something in 
Botnet.pm? I'm not very good at Perl.
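The relay-selection problem described above, as an added example that is not part of the original post and is not Botnet.pm's code: it walks the Received chain newest-first and evaluates the first hop whose connecting IP is outside the trusted set, instead of the host that handed the mail to the final server. The `TRUSTED` list, the function names and the IP-in-hostname heuristic are assumptions made for illustration; the header lines are the post's, unfolded.

```python
import ipaddress
import re

# Received chain from the post, newest first, unfolded (dates dropped).
RECEIVED = [
    "from localhost (localhost [127.0.0.1]) by pena.example.com (Postfix) with ESMTP id 7444190C",
    "from ainavaan.iki.fi (ainavaan.iki.fi [212.16.98.51]) by pena.example.com (Postfix) with ESMTP id 1754F7EA",
    "from 125-25-91-188.adsl.totbb.net (125-25-91-188.adsl.totbb.net [125.25.91.188]) "
    "by ainavaan.iki.fi (8.13.8/8.13.8) with ESMTP id l622AAka001719",
    "from 212.37.195.89 (HELO mailsmtp4.internet-fr.net) by iki.fi with esmtp id A4XV3A-4+B/6O-KU",
]

# Assumption: hosts whose Received lines we believe (loopback plus the forwarder).
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "212.16.98.51/32")]

HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")

def parse_hop(line):
    """Parse 'from HELO (rDNS [IP]) by HOST'; None if the line has another shape."""
    m = HOP.match(line)
    if not m:
        return None
    helo, rdns, ip, by = m.groups()
    return {"helo": helo, "rdns": rdns, "ip": ipaddress.ip_address(ip), "by": by}

def naive_relay(received):
    """Behaviour described in the post: judge whoever delivered to our server."""
    for hop in filter(None, map(parse_hop, received)):
        if not hop["ip"].is_loopback:
            return hop
    return None

def first_untrusted_relay(received):
    """Skip hops recorded from trusted IPs; return the first untrusted client.
    Lines below that hop were written by hosts we do not trust and are ignored."""
    for line in received:
        hop = parse_hop(line)
        if hop is None:
            return None  # unparseable line: nothing further down is verifiable
        if not any(hop["ip"] in net for net in TRUSTED):
            return hop
    return None

def looks_dynamic(hop):
    """Simplified heuristic: every IPv4 octet appears as a number in the rDNS name."""
    numbers = re.findall(r"\d+", hop["rdns"])
    return all(octet in numbers for octet in str(hop["ip"]).split("."))
```

With the post's headers, `naive_relay` stops at ainavaan.iki.fi, which does not look dynamic, while `first_untrusted_relay` reaches 125.25.91.188, which does.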

