Yves, > > Btw, this Cc should be arriving over IPv6 too... > Sorry, it's here indeed. And Botnet has caught it again. :( > > Some of the headers: > > Received: from mail.ijs.si ([2001:1470:ff80::25]) > > by dotforward.de with esmtp (Exim 4.71) > > (envelope-from <mark.martinec...@ijs.si>) > > id 1Qc3nH-00075K-CV > > for nospam.l...@unclassified.de; > > Thu, 30 Jun 2011 01:03:42 +0200 > > > > 0.2 BOTNET Relay might be a spambot or virusbot > > > > [botnet0.8,ip=94.140.92.23,rdns=upc.si.94.140.92.23.dc.cable.static.tele > > mach.net,maildomain=ijs.si,client,ipinhostname,clientwords]
Our [2001:1470:ff80::25] mailer does have a reverse DNS record. Btw, the syntax of an 'address-literal' field in your Received header field does not obey the required syntax in RFC 5322, it is missing an "IPv6:" prefix. Looks like the Exim people are not reading RFCs. The RFC 5322 states the syntax as: TCP-info = address-literal / ( Domain FWS address-literal ) address-literal = "[" ( IPv4-address-literal / IPv6-address-literal / General-address-literal ) "]" IPv6-address-literal = "IPv6:" IPv6-addr IPv6-addr = IPv6-full / IPv6-comp / IPv6v4-full / IPv6v4-comp General-address-literal = Standardized-tag ":" 1*dcontent (I'm Cc'ing to Matthew in case he wants to check how it turns out on his mailer). Mark