Suhas Ingale wrote:
Any custom rules to catch this?
Without headers I can't tell, but I had the same spam, so here is my report:

*  4.4 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
*      2)
*  0.0 FH_HELO_EQ_D_D_D_D Helo is d-d-d-d
*  2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
*      [Blocked - see <http://www.spamcop.net/bl.shtml?86.124.176.33>]
*  3.0 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
*      [86.124.176.33 listed in zen.spamhaus.org]
*  0.0 BOTNET_BADDNS Relay doesn't have full circle DNS
*      [botnet_baddns,ip=86.124.176.33,rdns=86-124-176-033.iasi.fiberlink.ro]
*  5.0 BOTNET Relay might be a spambot or virusbot
*      [botnet0.7,ip=86.124.176.33,hostname=86-124-176-033.iasi.fiberlink.ro,baddns,client,ipinhostname]
*  0.0 DKIM_POLICY_SIGNSOME Domain Keys Identified Mail: policy says domain
*      signs some mails
*  0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address
*      [botnet_ipinhosntame,ip=86.124.176.33,rdns=86-124-176-033.iasi.fiberlink.ro]
*  0.0 BOTNET_CLIENT Relay has a client-like hostname
*      [botnet_client,ip=86.124.176.33,hostname=86-124-176-033.iasi.fiberlink.ro,ipinhostname]
*  0.0 BAYES_50 BODY: Bayesian spam probability is 40 to 60%
*      [score: 0.5000]
*  0.1 RDNS_DYNAMIC Delivered to trusted network by host with
*      dynamic-looking rDNS

arni
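An added example, not part of the original post and not the Botnet plugin's own code: a simplified Python sketch of two checks named in the report above, "Hostname contains its own IP address" and "Relay doesn't have full circle DNS". The function names and the `forward_lookup` parameter are assumptions made for illustration, and the resolver data in the test is constructed so the example runs offline.

```python
import ipaddress
import re
import socket


def ip_in_hostname(ip: str, hostname: str) -> bool:
    """True if the four IPv4 octets appear as consecutive digit runs in the
    hostname, in forward or reversed order (zero-padding is ignored)."""
    octets = [int(o) for o in str(ipaddress.IPv4Address(ip)).split(".")]
    # Digit runs of up to three characters; int() drops padding such as "033".
    runs = [int(r) for r in re.findall(r"\d+", hostname) if len(r) <= 3]
    for wanted in (octets, octets[::-1]):
        for i in range(len(runs) - 3):
            if runs[i:i + 4] == wanted:
                return True
    return False


def system_lookup(hostname: str) -> list:
    """Forward (A record) lookup through the system resolver."""
    return socket.gethostbyname_ex(hostname)[2]


def full_circle_dns(ip: str, rdns: str, forward_lookup=system_lookup) -> bool:
    """True only if the PTR name resolves forward to the same IP again."""
    if not rdns:
        return False  # no reverse DNS at all
    try:
        return ip in forward_lookup(rdns)
    except OSError:
        return False  # the PTR name does not resolve


def relay_flags(ip: str, rdns: str, forward_lookup=system_lookup) -> list:
    """Return the heuristics that fire for one relay (labels are this
    example's own, chosen to mirror the report)."""
    flags = []
    if not full_circle_dns(ip, rdns, forward_lookup):
        flags.append("baddns")
    if rdns and ip_in_hostname(ip, rdns):
        flags.append("ipinhostname")
    return flags
```

Passing a stub as `forward_lookup` keeps the check testable without network access; in production the default goes through the system resolver.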