DCC version 1.3.128/2.3.128 released

Vernon Schryver vjs@calcite.rhyolite.com
Mon Aug 2 12:55:34 UTC 2010


> From: Bart Dumon <bart.dumon@scarlet.biz>

> 1.3.29 has dnswl medium (127.0.x.2) removed, is there any specific
> reason for this? Chance of false positives? btw, very welcome addition, thanks!

I saw unmitigated spam with an envelope Mail_From value of fagina@cm1.hinet.net
from 64.18.2.218.  218.2.18.64.list.dnswl.org=127.0.5.2.  These were the
headers from the dccm log file.  (As an aside, notice the non-standard,
not in RFC 5321 or RFC 5322, "Reinject" field.  I've converted the From:
and Subject: fields so they won't be 8-bit.)

    Received: from exprod7ob116.obsmtp.com (exprod7ob116.obsmtp.com [64.18.2.218])
	    by calcite.rhyolite.com (8.14.4/8.14.4) with SMTP id o6VN8bcZ093570
	    for <sales@rhyolite.com> env-from <fagina@cm1.hinet.net>;
	    Sat, 31 Jul 2010 23:08:38 GMT
    Reinject: from source ([71.174.102.163]) (using TLSv1) by exprod7ob116.postini.com ([64.18.6.12]) with SMTP
	    ID DSNKTFSs7lOm0KxC+/tGtnbB3aZeQ5hspplH@postini.com; Sat, 31 Jul 2010 16:08:37 PDT
    Reinject: from exprod7og114.obsmtp.com (64.18.2.214) by
     SMGEXCHANGE.SVMGilmore.com (10.0.116.10) with Microsoft SMTP Server id
     14.0.639.21; Sat, 31 Jul 2010 15:26:04 -0400
    Received: from source ([71.174.102.163]) (using TLSv1) by exprod7ob114.postini.com ([64.18.6.12]) with SMTP
	    ID DSNKTFR208vyx7+1JCzavwzXChHr50m5Y8dE@postini.com; Sat, 31 Jul 2010 12:23:00 PDT
    Received: from 71.174.102.163 (220.173.136.75) by SMGEXCHANGE.SVMGilmore.com
     (10.0.116.10) with Microsoft SMTP Server id 14.0.639.21; Sat, 31 Jul 2010
     13:02:46 -0400
    Received: from 202.144.213.90 by 220.173.136.75; Thu, 05 Aug 2010 11:00:52
     -0600
    Message-ID: <BNHJRIXIQNUYIGQDQXLRF.VACKAPfagina@cm1.hinet.net>
    From: "\xa7K\xc0\xa3\xa7K\xabO\xa1A\xa7Y\xa5i\xbf\xec\xa1A" <fagina@cm1.hinet.ne

    To: <sales@rhyolite.com>
    Subject: \xa5i\xa4\xc0\xaa\xf8\xb5u\xb4\xc1\xa8\xcf\xa5\xce\xa1C
    Date: Thu, 5 Aug 2010 20:02:52 +0300
    X-Mailer: The Bat! (v1.52f) Business
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="--387527121111132"
    X-Priority: 1
    X-MSMail-Priority: High
    X-DCC-Rhyolite-Metrics: calcite.rhyolite.com; whitelist


I also noticed that 207.171.164.40 is listed at
40.164.171.207.list.dnswl.org=127.0.14.2, but I have seen unsolicited
bulk advertising email from Amazon within the last 12 months.


Vernon Schryver    vjs@rhyolite.com
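
The lookups quoted in the message above, as an added example that is not part of the original post and is not DCC's code: it builds the reversed-octet query name, decodes a 127.0.x.y answer into category and trust, and applies a trust threshold. The function names and the `min_trust` parameter are hypothetical; the DNS answers are passed in as strings so the code runs offline.

```python
import ipaddress

# Trust levels carried in the last octet of a list.dnswl.org answer.
TRUST = {0: "none", 1: "low", 2: "medium", 3: "high"}


def dnswl_query_name(ip, zone="list.dnswl.org"):
    """Reverse the IPv4 octets and append the zone, as in the post."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def decode_answer(answer):
    """Split a 127.0.x.y answer into (category, trust) integers."""
    octets = ipaddress.IPv4Address(answer).packed
    if octets[0] != 127 or octets[1] != 0 or octets[3] not in TRUST:
        raise ValueError("not a DNSWL listing code: %s" % answer)
    return octets[2], octets[3]


def whitelist_hit(answer, min_trust=3):
    """True only if the answer is a listing at or above min_trust.

    min_trust=3 is an assumed policy that ignores "medium" (127.0.x.2);
    a missing answer (None, i.e. NXDOMAIN) or an unrecognized code is
    never treated as a whitelist hit.
    """
    if answer is None:
        return False
    try:
        _category, trust = decode_answer(answer)
    except ValueError:
        return False
    return trust >= min_trust


if __name__ == "__main__":
    # The two address/answer pairs quoted in the message above.
    samples = {"64.18.2.218": "127.0.5.2", "207.171.164.40": "127.0.14.2"}
    for ip, answer in samples.items():
        category, trust = decode_answer(answer)
        print(dnswl_query_name(ip), "category", category,
              "trust", TRUST[trust],
              "hit(min=medium)", whitelist_hit(answer, min_trust=2),
              "hit(min=high)", whitelist_hit(answer))
```

Both addresses from the message count as whitelisted when medium trust is accepted and stop counting once the threshold is raised to high.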


