Mon Jun 12 12:23:11 UTC 2017
Lately some obvious spam has been getting past the Spamhaus check in DCC. The headers look like this:

=========================
VERSION: 3
DATE: 06/12/17 06:19:59 CDT
IP: stigma3.gslcomunicacion.com ::ffff:126.96.36.199
HELO: mail.gslcomunicacion.com
Received: from [127.0.0.1] ([188.8.131.52]) by gslcomunicacion.com with MailEnable ESMTP; Mon, 12 Jun 2017 13:19:48 +0200
From: email@example.com
X-DCC--Metrics: quantum 1102; Body=1 Fuz1=1 Fuz2=1
greylist recipient firstname.lastname@example.org: f35a0557 2b5f56ad 2d2fe2ca a1e7d100 ba3482a7 c0d02932 255da318 947b54c6
Embargo #1
rejection message: 452 4.2.1 mail v5CBJxNw056714 from 184.108.40.206 temporary greylist embargoed
=========================

What exactly do those headers mean?

220.127.116.11 is heavily listed in the Spamhaus CBL, but 18.104.22.168 is not. I don't think 22.214.171.124 is the real IP address of the host delivering the message, and that 126.96.36.199 is?