Dear list,

I received this info from a customer, whose order confirmation from
londontheatredirect.com got marked as spam because of BOTNET* rules. Are
those rules too old, or is that server in a botnet? How to find out?
Or which rule scores should I tune to optimize?


----------  Forwarded message ----------

Date: Tuesday, 28 December 2010

Preview:  LondonTheatreDirect.com Order confirmation Many thanks for
   your order, christian enserer Please print this confirmation for your
   reference [...]

 

Analyse Details:   (6.0 points, 5.0 required)

Pkt  Name der Regel         Beschreibung
---- ---------------------- -------------------------------------------------
-0.5 L_P0F_D7               L_P0F_D7
 0.5 L_P0F_W                Relayed through Windows OS except Windows XP
 0.0 RELAY_UK               Relayed through Brittan
 2.2 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.8,ip=88.208.245.26,rdns=server88-208-245-26.live-servers.net,maildomain=londontheatredir...
 0.3 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
                            [botnet_ipinhosntame,ip=88.208.245.26,rdns=server88-208-245-26.live-servers.net]
 0.0 BOTNET_CLIENT          Relay has a client-like hostname
                            [botnet_client,ip=88.208.245.26,rdns=server88-208-245-26.live-servers.net,ipinhostname]
-0.0 BAYES_40               BODY: Bayes spam probability is 20 to 40%
                            [score: 0.3460]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.4 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
 1.0 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 0.0 LOTS_OF_MONEY          Huge... sums of money
 1.6 BOTNET_WIN             Mail from Windows XP which seems to be in a Botnet
