http://www.spamhaus.org/query/ip/10.10.114.156
10.10.114.156 is not listed in the SBL
10.10.114.156 is not listed in the PBL
10.10.114.156 is not listed in the XBL

Cheers,

Phil

--
Phil Randal
Infrastructure Engineer
Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT
Tel: 01432 260415 | Email: phil.ran...@hoopleltd.co.uk

From: Kevin A. McGrail [mailto:kmcgr...@pccc.com]
Sent: 14 August 2013 15:11
To: Nigel Smith
Cc: users@spamassassin.apache.org
Subject: Re: Big problems with senders who use Microsoft Bigfish (a.k.a. FrontBridge)

On 8/14/2013 9:49 AM, Nigel Smith wrote:
> Hi,
>
> SpamAssassin version 3.3.2
> running on Perl version 5.14.2
> 3.2.0-49-generic #75-Ubuntu SMP Tue Jun 18 17:39:32 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
> (ubuntu 12.04LTS)
>
> I'm having some major problems at the moment with people who send mail via their corporate email platforms hosted on Microsoft's Bigfish (a.k.a. FrontBridge, or whatever they're choosing to call it today!).
>
> The problem seems to be a conflict with something in one of the headers Microsoft add:
>
> X-Forefront-Antispam-Report-Untrusted: SFV:NSPM;SFS:(24454002)(377454003)(51704005)(199002)(189002)(16406001)(54356001)(69226001)(74876001)(79102001)(4396001)(81542001)(49866001)(47736001)(47446002)(31966008)(74662001)(74502001)(81342001)(76482001)(80976001)(56776001)(54316002)(53806001)(74706001)(77096001)(56816003)(66066001)(80022001)(65816001)(77982001)(59766001)(74366001)(51856001)(46102001)(36756003)(63696002)(50986001)(47976001)(19580395003)(19580405001)(83072001)(76796001)(83322001)(33656001)(76786001)(81686001)(81816001);DIR:OUT;SFP:;SCL:1;SRVR:BLUPR03MB003;H:BLUPR03MB001.namprd03.prod.outlook.com;CLIP:10.10.114.156;RD:InfoNoRecords;A:1;MX:1;LANG:en;
> x-originating-ip: [10.10.114.156]
> X-MS-Exchange-CrossPremises-originalclientipaddress: 10.10.114.156
>
> And one of my SA rules:
>
> # Locally hosted Spamhaus
> score __RCVD_IN_ZEN 0
> header ITS_RCVD_IN_ZEN eval:check_rbl('zen', 'zen.dnsbl.')
> describe ITS_RCVD_IN_ZEN Received via a relay in Spamhaus Zen
> tflags ITS_RCVD_IN_ZEN net
> reuse ITS_RCVD_IN_ZEN
> score ITS_RCVD_IN_ZEN 30.0
>
> This triggers:
>
> * 30 ITS_RCVD_IN_ZEN RBL: Received via a relay in Spamhaus Zen
> * [10.10.114.156 listed in zen.dnsbl]
>
> The only place that IP can be found (i.e. cat spam-97InS+5ooirt | grep "10.10.114.156") is in the three headers above. The rcvd lines do not match.

10.X is a private network. Why is Zen listing it?

Have you checked that IP on the real Zen listing and not on your cached server?

regards,
KAM
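
A stand-alone triage check for the situation in this thread, added here as an example and not code from SpamAssassin or from any of the posters: it pulls IPv4 addresses out of the three headers quoted above, marks those that are not globally routable, and builds the reversed-octet query name a DNSBL lookup would use. The zone `zen.dnsbl.` is taken from the rule in the thread; the function names and the shortened sample header are assumptions.

```python
import ipaddress
import re

# Constructed sample: the three headers quoted in the thread (report value shortened).
SAMPLE_HEADERS = """\
X-Forefront-Antispam-Report-Untrusted: SFV:NSPM;DIR:OUT;SCL:1;CLIP:10.10.114.156;RD:InfoNoRecords;A:1;MX:1;LANG:en;
x-originating-ip: [10.10.114.156]
X-MS-Exchange-CrossPremises-originalclientipaddress: 10.10.114.156
"""

# Dotted quad that is not part of a longer run of digits and dots.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def dnsbl_query_name(ip, zone="zen.dnsbl."):
    """Reversed-octet name a DNSBL lookup for `ip` would ask for."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def triage_headers(raw_headers, zone="zen.dnsbl."):
    """Return one dict per (header, IPv4 address) pair found in raw_headers."""
    findings = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue
        for candidate in IPV4_RE.findall(value):
            try:
                addr = ipaddress.IPv4Address(candidate)
            except ipaddress.AddressValueError:
                continue  # looks like a dotted quad but is not an address
            findings.append({
                "header": name.strip(),
                "ip": candidate,
                "routable": addr.is_global,  # False for 10/8 and other special ranges
                "query": dnsbl_query_name(candidate, zone),
            })
    return findings

def suspicious_hits(findings, listed_ips):
    """IPs reported as listed even though they are not globally routable."""
    return sorted({f["ip"] for f in findings
                   if not f["routable"] and f["ip"] in listed_ips})

if __name__ == "__main__":
    for finding in triage_headers(SAMPLE_HEADERS):
        print(finding)
```

Feed `suspicious_hits` the set of addresses your resolver reported as listed; any address it returns is a listing for non-routable space, which points at the DNSBL source being queried and not at the sender.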