We're working with someone who has a domain that starts with a
number: 360skincare.com. So it gets bit by FROM_STARTS_WITH_NUMS. I
also see some for suspicious hostname.
A little more background: the sender appears to come from pacbell.net
isp and using a webmail client.
Are these "suspicious hostname" entries appearing because the
hostname starts with a number? Any other advice on these headers to
help the user not appear as sending spam? I suspect they are out of
luck for the bl rules if pacbell is on a block list.
Here are the full headers (since upgraded to 3.0.4):
From: [EMAIL PROTECTED]
Date: July 9, 2005 2:00:29 PM MST
To: [EMAIL PROTECTED]
Subject: Re: here you go
Return-Path: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
Received: (qmail 31028 invoked from network); 9 Jul 2005 21:00:29
-0000
Received: from localhost (127.0.0.1) by localhost with SMTP; 9 Jul
2005 21:00:29 -0000
Received: from adsl-64-165-17-127.dsl.sndg02.pacbell.net
(adsl-64-165-17-127.dsl.sndg02.pacbell.net [64.165.17.127]) by
webmail.360skincare.com (IMP) with HTTP for
<[EMAIL PROTECTED]@localhost>; Sat, 9 Jul 2005 17:00:29 -0400
Message-Id: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.3
X-Originating-Ip: 64.165.17.127
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on hidden2
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.5 required=5.0
tests=FROM_STARTS_WITH_NUMS,
HELO_DYNAMIC_DHCP,HELO_DYNAMIC_HCC,HELO_DYNAMIC_IPADDR,
RCVD_IN_NJABL_DUL autolearn=no version=3.0.3
X-Spam-Report: * 0.1 HELO_DYNAMIC_DHCP Relay HELO'd using
suspicious hostname (DHCP) * 1.5 HELO_DYNAMIC_HCC Relay HELO'd
using suspicious hostname (HCC) * 2.8 HELO_DYNAMIC_IPADDR Relay
HELO'd using suspicious hostname (IP addr 1) * 1.5
FROM_STARTS_WITH_NUMS From: starts with nums * 1.7
RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
* [64.165.17.127 listed in combined.njabl.org]