Yves,
> > Btw, this Cc should be arriving over IPv6 too...
> Sorry, it's here indeed. And Botnet has caught it again. :(
>
> Some of the headers:
> > Received: from mail.ijs.si ([2001:1470:ff80::25])
> > by dotforward.de with esmtp (Exim 4.71)
> > (envelope-from <mark.martinec...@ijs.si>)
> > id 1Qc3nH-00075K-CV
> > for nospam.l...@unclassified.de;
> > Thu, 30 Jun 2011 01:03:42 +0200
> >
> > 0.2 BOTNET Relay might be a spambot or virusbot
> >
> > [botnet0.8,ip=94.140.92.23,rdns=upc.si.94.140.92.23.dc.cable.static.tele
> > mach.net,maildomain=ijs.si,client,ipinhostname,clientwords]
Our [2001:1470:ff80::25] mailer does have a reverse DNS record.
Btw, the syntax of an 'address-literal' field in your Received header
field does not obey the required syntax in RFC 5322, it is missing
an "IPv6:" prefix. Looks like the Exim people are not reading RFCs.
The RFC 5322 states the syntax as:
TCP-info = address-literal / ( Domain FWS address-literal )
address-literal = "[" ( IPv4-address-literal /
IPv6-address-literal /
General-address-literal ) "]"
IPv6-address-literal = "IPv6:" IPv6-addr
IPv6-addr = IPv6-full / IPv6-comp / IPv6v4-full / IPv6v4-comp
General-address-literal = Standardized-tag ":" 1*dcontent
(I'm Cc'ing to Matthew in case he wants to check how it turns out
on his mailer).
Mark
