spamhaus check not working

Chris Aseltine ophidian@newsnation.com
Mon Jun 12 12:23:11 UTC 2017


Lately some obvious spam has been getting past the Spamhaus check in DCC.  The headers look like this:

=========================

VERSION: 3
DATE: 06/12/17 06:19:59 CDT
IP: stigma3.gslcomunicacion.com ::ffff:92.48.91.248
HELO: mail.gslcomunicacion.com

Received: from [127.0.0.1] ([177.91.117.244]) by gslcomunicacion.com with MailEnable ESMTP; Mon, 12 Jun 2017 13:19:48 +0200
From: martinpeces@biesmartin.com

X-DCC--Metrics: quantum 1102; Body=1 Fuz1=1 Fuz2=1
       greylist recipient
  ophidian@newsnation.com: f35a0557 2b5f56ad 2d2fe2ca a1e7d100
                           ba3482a7 c0d02932 255da318 947b54c6 Embargo #1

rejection message: 452 4.2.1 mail v5CBJxNw056714 from 92.48.91.248 temporary greylist embargoed

=========================

What exactly do those headers mean?  177.91.117.244 is heavily listed in the Spamhaus CBL, but 92.48.91.248 is not.

I don't think 92.48.91.248 is the real IP address of the host delivering the message, and that 177.91.117.244 is?



More information about the DCC mailing list

Contact vjs@rhyolite.com by mail or use the form.