Suhas Ingale wrote:
Any custom rules to catch this?

Without headers I can't tell, but I had the same spam, so here is my report:

        *  4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
        *       2)
        *  0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
        *  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
        *      [Blocked - see <http://www.spamcop.net/bl.shtml?86.124.176.33>]
        *  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
        *      [86.124.176.33 listed in zen.spamhaus.org]
        *  0.0 BOTNET_BADDNS Relay doesn't have full circle DNS
        *      [botnet_baddns,ip=86.124.176.33,rdns=86-124-176-033.iasi.fiberlink.ro]
        *  5.0 BOTNET Relay might be a spambot or virusbot
        *      [botnet0.7,ip=86.124.176.33,hostname=86-124-176-033.iasi.fiberlink.ro,baddns,client,ipinhostname]
        *  0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
        *       signs some mails
        *  0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
        *      [botnet_ipinhosntame,ip=86.124.176.33,rdns=86-124-176-033.iasi.fiberlink.ro]
        *  0.0 BOTNET_CLIENT Relay has a client-like hostname
        *      [botnet_client,ip=86.124.176.33,hostname=86-124-176-033.iasi.fiberlink.ro,ipinhostname]
        *  0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
        *      [score: 0.5000]
        *  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
        *      dynamic-looking rDNS

arni


