spamhaus check not working

Vernon Schryver
Mon Jun 12 14:08:05 UTC 2017

> From: Chris Aseltine <>
> To: "" <>

> Lately some obvious spam has been getting past the Spamhaus check in DCC.

By "the Spamhaus check in DCC", do you mean that you are using
dccm or dccifd with -B and a Spamhaus DNSBL?  If so, what?

> Lately some obvious spam has been getting past the Spamhaus check in DCC.  The headers look like this:
> =========================
> DATE: 06/12/17 06:19:59 CDT
> IP: ::ffff:

This appears to be from a DCC log file, format version #3.  
The DCC client program you are using (dccm, dccifd, or dccproc) is
saying that the mail message was received from
at  The SMTP client identified itself in its HELO
command as

> Received: from [] ([]) by with MailEnable ESMTP; Mon, 12 Jun 2017 13:19:48 +0200
> From:
> X-DCC--Metrics: quantum 1102; Body=1 Fuz1=1 Fuz2=1
>        greylist recipient
> f35a0557 2b5f56ad 2d2fe2ca a1e7d100
>                            ba3482a7 c0d02932 255da318 947b54c6 Embargo #1
> rejection message: 452 4.2.1 mail v5CBJxNw056714 from temporary greylist embargoed
> =========================
> What exactly do those headers mean? is heavily listed in the Spamhaus CBL, but is not.
> I don't think is the real IP address of the host delivering the message, and that is?

If you have reason to believe that Received: header, perhaps because
you operate the SMTP system at, then the SMTP server
at received the message from an SMTP client at claimed in its HELO command that
it was at, which if true would be very unusual.
apparently relayed the message to your system.

Based on that fragment of a DCC log file, the most that can be
confidently said is that your system received spam from
My guess is that is an insufficiently secured SMTP relay.

Vernon Schryver

More information about the DCC mailing list

Contact by mail or use the form.