Charles Gregory wrote:
> Hello!
> 
> Quick question: Does SpamAssassin's "RCVD" tests also check headers
> labelled "X-Originating-IP"?

Yes.

> 
> In particular, I received the below message from hotmail with hits on
> RCVD_IN_BL_SPAMCOP_NET and RCVD_IN_SORBS_WEB. Neither of the
> hotmail IPs is found in *any* RBL listed at mailabuse.org's multi-check.
> The X-originating-IP shows up in the sorbs RBL but not the spamcop one.
> Is this a case where hotmail got a FP corrected in 12 hours? Or is there
> something else going on to trigger these tests?
> 

66.110.6.119 is listed in CBL, SORBS, BRBL (Barracuda), ...
So this IP is owned or whatever, and in any case, it sends spam. Thus
any mail that was sent from or via this IP is suspicious and deserves
some points.


> Return-Path: <__...@sympatico.ca>
> Received: by barton.hwcn.org (Postfix, from userid 110)
>     id A4B4EF3EF8; Tue, 26 May 2009 17:04:28 -0400 (EDT)
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on barton.hwcn.org
> X-Spam-Level: *****
> X-Spam-Status: No, hits=5.6 required=10.0 autolearn=disabled
>     tests=HTML_MESSAGE=0.001,RCVD_IN_BL_SPAMCOP_NET=4.5,RCVD_IN_SORBS_WEB=1.117
> Received: from col0-omc2-s17.col0.hotmail.com
>     (col0-omc2-s17.col0.hotmail.com [65.55.34.91])
>     by barton.hwcn.org with SMTP id 2nv8k5uzsjhw4rtthhp9guzsha;
>     for off...@hwcn.org;
>     Tue, 26 May 2009 17:04:21 -0400 (EDT)
>     (envelope-from culs...@sympatico.ca)
> Received-SPF: Pass; receiver=barton.hwcn.org; client-ip=65.55.34.91;
>     envelope-from=<culs...@sympatico.ca>;
>     helo=col0-omc2-s17.col0.hotmail.com;
>     mechanism=include:hotmail.com (include:spf-a.hotmail.com
>     (ip4:65.52.0.0/14 -> pass) -> pass)
> X-Avenger: version=0.7.9; receiver=barton.hwcn.org; client-ip=65.55.34.91;
>     client-port=25067; syn-fingerprint=65535:112:1:48:M1460,N,N,S
>     Windows 2000 SP4, XP SP1; data-bytes=0; network-path=208.65.246.17 208.72.120.5
>     74.205.221.2 38.104.159.125 38.20.41.73 154.54.28.33 154.54.27.165
>     154.54.7.30 207.46.33.29 154.54.27.206 207.46.33.29 207.46.43.153
>     207.46.43.153 10.22.12.134 10.22.12.134 207.46.41.209;
>     network-path-time=1243371861
> Received: from COL104-W8 ([65.55.34.72]) by
>     col0-omc2-s17.col0.hotmail.com with
>     Microsoft SMTPSVC(6.0.3790.3959);
>      Tue, 26 May 2009 14:04:38 -0700
> Message-ID: <col104-w8d40e0023b93e83b4ffcbc6...@phx.gbl>
> Content-Type: multipart/alternative;
>     boundary="_be3ff754-56a4-49ca-a500-6d9290a4f246_"
> X-Originating-IP: [66.110.6.119]
> From: <___...@sympatico.ca>
> To: <off...@hwcn.org>
> Date: Tue, 26 May 2009 21:04:38 +0000
> Importance: Normal
> MIME-Version: 1.0
> X-OriginalArrivalTime: 26 May 2009 21:04:39.0020 (UTC)
>     FILETIME=[94F89AC0:01C9DE45]
> Subject: DSL rates
> 
> (body snipped)
> 
> -- 
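
An added example, not part of the original thread and not SpamAssassin's own code: it collects the bracketed IPv4 addresses from the Received and X-Originating-IP headers of the quoted message and builds the DNSBL query name for each, which shows how 66.110.6.119 comes to be looked up even though no Hotmail relay is listed. The sample headers are constructed from the quoted message; the zone `bl.spamcop.net`, the regex and the function names are assumptions of this example.

```python
import email
import ipaddress
import re

# Constructed sample: relay-related headers taken from the quoted message.
SAMPLE = """\
Received: from col0-omc2-s17.col0.hotmail.com
    (col0-omc2-s17.col0.hotmail.com [65.55.34.91])
    by barton.hwcn.org with SMTP; Tue, 26 May 2009 17:04:21 -0400 (EDT)
Received: from COL104-W8 ([65.55.34.72]) by
    col0-omc2-s17.col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959);
    Tue, 26 May 2009 14:04:38 -0700
X-Originating-IP: [66.110.6.119]
Subject: DSL rates

(body snipped)
"""

# Assumption: relay addresses appear as [a.b.c.d], as in the headers above.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
RELAY_HEADERS = ("received", "x-originating-ip")

def relay_ips(raw):
    """Return (header name, ip) pairs in header order, public IPv4 only."""
    found = []
    for name, value in email.message_from_string(raw).items():
        if name.lower() not in RELAY_HEADERS:
            continue
        for text in BRACKETED_IP.findall(value):
            try:
                ip = ipaddress.IPv4Address(text)
            except ValueError:
                continue  # malformed octets such as [999.1.1.1]
            if ip.is_global:  # private or reserved hops are never on a DNSBL
                found.append((name, str(ip)))
    return found

def dnsbl_name(ip, zone):
    """A DNSBL is queried with the octets reversed under the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def queries(raw, zone):
    """Every (header, ip, query name) a relay-based DNSBL check would cover."""
    return [(hdr, ip, dnsbl_name(ip, zone)) for hdr, ip in relay_ips(raw)]

if __name__ == "__main__":
    for hdr, ip, qname in queries(SAMPLE, "bl.spamcop.net"):
        print(f"{hdr:17} {ip:15} -> {qname}")
```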
