Hi again,
I have more information on those untrusted hosts.
ALL_TRUSTED is a bit odd. If you you look back through the debug, it
>> has identified untrusted relays:
>>
>> [11689] dbg: metadata: X-Spam-Relays-Untrusted: [ ip=194.230.33.137
>> rdns=mx.xm-rz.net helo=mail.xm-rz.net by=myhost.mydomain.com ident=
>> envfrom= intl=0 id=B94C2118004 auth= msa=0 ] [ ip=62.2.104.4 rdns=
>
>
Now, for some reason, when I run this spam through SA, I see this:
X-Spam-Report:
* -4.0 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/
,
* medium trust
* [194.230.33.137 listed in list.dnswl.org]
* 0.0 STOX_REPLY_TYPE STOX_REPLY_TYPE
* 3.6 LOCAL_RECVD_TP Recvd from botnet
* 3.6 LOCAL_RECVD_XM Recvd from botnet
* 2.0 LOCAL_BODY_4046600451 BODY: This message contained the string
* "1.845.709.8044"
* 2.0 LOCAL_BODY_1577053434 BODY: This message contained the string
* "845.709.8044"
X-Spam-Status: Yes, score=7.2 required=5.0 tests=LOCAL_BODY_1577053434,
LOCAL_BODY_4046600451,LOCAL_RECVD_TP,LOCAL_RECVD_XM,RCVD_IN_DNSWL_MED,
STOX_REPLY_TYPE shortcircuit=no autolearn=disabled version=3.2.5
What the hell is RECVD_IN_DNSWL_MED and why is it trusted in dnswl.org?
Thanks,
Alex
