Hi there.
In our box running v1.3.3.8 we found:
Oct-26-07 06:32:25 Connected: 88.205.144.27:1236 -> XXX.XXX.XXX.XXX:25 -> 127.0.0.1:225
Oct-26-07 06:32:27 Commencing DNSBL checks on 88.205.144.27
Oct-26-07 06:32:28 Completed DNSBL checks on 88.205.144.27
Oct-26-07 06:32:28 id-3146c6370 88.205.144.27 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] Received-RWL: not listed rwl=none; client-ip=88.205.144.27
Oct-26-07 06:32:28 id-3146c6370 88.205.144.27 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] passing if safe because testmode, otherwise Unknown User
Oct-26-07 06:32:28 [UnknownLocal][testmode] id-3146c6370 88.205.144.27 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] spam determined to be safe, passing on to recipient Next_Big_market_Winner_ -> x:\xxxxxxx\assp\assp/spam/6370.eml
Oct-26-07 06:32:28 id-3146c6370 88.205.144.27 <[EMAIL PROTECTED]> to: [EMAIL PROTECTED] is disconnected
How is it possible that this message passed? Why was it not blocked by SPF validation?
Why aren't there any SPF entries? Does the SPF check not run if there is a
local-domain address?
SPF for this domain is: v=spf1 a ip4:XXX.XXX.XXX.XXX (and it isn't
88.205.144.27)
We had never seen this before.
How can we block UnknownLocal?
If we activate DoNoSpoofing, will messages from the backup MTA be blocked?
Should we put the backup MTA IP address anywhere?
Thx in advance,
Pere
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user