Mon Jun 12 12:23:11 UTC 2017
Lately some obvious spam has been getting past the Spamhaus check in DCC. The headers look like this: ========================= VERSION: 3 DATE: 06/12/17 06:19:59 CDT IP: stigma3.gslcomunicacion.com ::ffff:22.214.171.124 HELO: mail.gslcomunicacion.com Received: from [127.0.0.1] ([126.96.36.199]) by gslcomunicacion.com with MailEnable ESMTP; Mon, 12 Jun 2017 13:19:48 +0200 From: firstname.lastname@example.org X-DCC--Metrics: quantum 1102; Body=1 Fuz1=1 Fuz2=1 greylist recipient email@example.com: f35a0557 2b5f56ad 2d2fe2ca a1e7d100 ba3482a7 c0d02932 255da318 947b54c6 Embargo #1 rejection message: 452 4.2.1 mail v5CBJxNw056714 from 188.8.131.52 temporary greylist embargoed ========================= What exactly do those headers mean? 184.108.40.206 is heavily listed in the Spamhaus CBL, but 220.127.116.11 is not. I don't think 18.104.22.168 is the real IP address of the host delivering the message, and that 22.214.171.124 is?
More information about the DCC