Dear list,

I received this info from a customer whose order confirmation from londontheatredirect.com got marked as spam because of BOTNET* rules. Are those rules too old, or is that server in a botnet? How to find out? Or which rule scores should I tune to optimize?

---------- Forwarded message ----------
Date: Tuesday, 28 December 2010

Preview: LondonTheatreDirect.com Order confirmation Many thanks for your order, christian enserer Please print this confirmation for your reference [...]

Analyse Details: (6.0 points, 5.0 required)

Pkt  Name der Regel         Beschreibung
---- ---------------------- -------------------------------------------------
-0.5 L_P0F_D7               L_P0F_D7
 0.5 L_P0F_W                Relayed through Windows OS except Windows XP
 0.0 RELAY_UK               Relayed through Brittan
 2.2 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.8,ip=88.208.245.26,rdns=server88-208-245-26.live-servers.net,maildomain=londontheatredir...
 0.3 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
                            [botnet_ipinhosntame,ip=88.208.245.26,rdns=server88-208-245-26.live-servers.net]
 0.0 BOTNET_CLIENT          Relay has a client-like hostname
                            [botnet_client,ip=88.208.245.26,rdns=server88-208-245-26.live-servers.net,ipinhostname]
-0.0 BAYES_40               BODY: Bayes spam probability is 20 to 40%
                            [score: 0.3460]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.4 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
 1.0 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 0.0 LOTS_OF_MONEY          Huge... sums of money
 1.6 BOTNET_WIN             Mail from Windows XP which seems to be in a Botnet
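
An added example, not part of the original post: a small parser for the report quoted above that totals the rule hits and recomputes the verdict with selected rules left out, to show how much of the 6.0 points the BOTNET* hits account for. The function names are made up for this example, and the bracketed detail lines are shortened.

```python
import re

# Rule hits from the report quoted above; bracketed detail lines are shortened.
REPORT = """\
-0.5 L_P0F_D7               L_P0F_D7
 0.5 L_P0F_W                Relayed through Windows OS except Windows XP
 0.0 RELAY_UK               Relayed through Brittan
 2.2 BOTNET                 Relay might be a spambot or virusbot
                            [botnet0.8,ip=88.208.245.26,...]
 0.3 BOTNET_IPINHOSTNAME    Hostname contains its own IP address
 0.0 BOTNET_CLIENT          Relay has a client-like hostname
-0.0 BAYES_40               BODY: Bayes spam probability is 20 to 40%
                            [score: 0.3460]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.5 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.4 HTML_MIME_NO_HTML_TAG  HTML-only message, but there is no HTML tag
 1.0 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 0.0 LOTS_OF_MONEY          Huge... sums of money
 1.6 BOTNET_WIN             Mail from Windows XP which seems to be in a Botnet
"""
REQUIRED = 5.0  # "5.0 required" in the report header

# A hit line starts with a signed score followed by an upper-case rule name.
HIT = re.compile(r"^\s*(-?\d+\.\d+)\s+([A-Z][A-Z0-9_]*)\b")

def parse_hits(report):
    """Return [(rule, score)]; wrapped description lines do not match HIT."""
    return [(m.group(2), float(m.group(1)))
            for m in map(HIT.match, report.splitlines()) if m]

def total(hits, skip=lambda rule: False):
    """Sum the scores of all hits whose rule name is not skipped."""
    return round(sum(score for rule, score in hits if not skip(rule)), 1)

def verdict_without(hits, skip):
    """Return (remaining score, still flagged as spam?) with some rules left out."""
    remaining = total(hits, skip)
    return remaining, remaining >= REQUIRED

if __name__ == "__main__":
    hits = parse_hits(REPORT)
    print("total:", total(hits))
    print("without BOTNET*:", verdict_without(hits, lambda r: r.startswith("BOTNET")))
    print("without BOTNET_WIN only:", verdict_without(hits, lambda r: r == "BOTNET_WIN"))
```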