The behavior you're referring to is known as deep header parsing, and it usually refers to checking the Received headers farther back than the most recent relay.
As you mentioned, it causes false positives with people using normal ISPs to connect and getting marked despite a proper relay. But yeah, I don't know where that X-Originating-IP header is coming from. What are you using as your glue to implement SpamAssassin?

On Wed, Nov 25, 2020, 09:05 Jonathan Gilpin <jonat...@fluent.ltd.uk> wrote:

> I was always of the understanding that a sender's IP address was irrelevant
> when sending using authenticated SMTP or, say, Office 365.
>
> However, today I noticed a mail from someone using BT, whose broadband IP
> is blacklisted, was marked as spam even though it was sent through Office
> 365, authenticated:
>
>  *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
>  *      blocked. See
>  *      http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
>  *      for more information.
>  *      [URIs: blah.com]
>  *  1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
>  *      [Blocked - see <http://www.abuseat.org/lookup.cgi?ip=86.129.191.88>]
>  * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
>  *      [40.107.8.121 listed in wl.mailspike.net]
>  * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
>  *      https://www.dnswl.org/, no trust
>  *      [40.107.8.121 listed in list.dnswl.org]
>  *  1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
>  *      [86.129.191.88 listed in sbl-xbl.spamhaus.org]
>  *  3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
>  *      [86.129.191.88 listed in zen.spamhaus.org]
>  *  0.7 MR_NOT_ATTRIBUTED_IP Beta rule: a non-attributed IPv4 found in
>  *      headers
>  * -0.7 SPF_HELO_PASS SPF: HELO matches SPF record
>  * -0.6 SPF_PASS SPF: sender matches SPF record
>  *  0.1 LONGWORD BODY: Uses overlong words
>  *  0.1 TW_VB BODY: Odd Letter Triples with VB
>  * -0.1 MD5_CONTENT BODY: Contains MD5 hash.
>  *  0.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
>  *  0.0 HTML_IMAGE_RATIO_08 BODY: HTML has a low ratio of text to image
>  *      area
>  *  0.0 HTML_MESSAGE BODY: HTML included in message
>  *  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
>  *      identical to background
>  * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
>  *      author's domain
>  * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
>  *      envelope-from domain
>  * -1.5 DKIM_VALID Message has at least one valid DKIM or DK signature
>  *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
>  *      valid
>  *  0.5 RDNS_NONE Delivered to internal network by a host with no rDNS
>  *  0.0 LOTS_OF_MONEY Huge... sums of money
>  *  0.1 RCVD_IN_SORBS No description available.
>
> Looking at the headers below, it seems the IP is only shown in one place:
>
> x-originating-ip: [86.129.191.88]
>
> not in the actual Received headers. So is this a setup error on my part, a
> SpamAssassin change, or a mistake?
>
> Obviously I need to resolve/stop this to reduce false positives.
>
> Kind Regards,
>
> Jonathan Gilpin
>
> Full headers are:
>
> Return-path: <Michas@*************>
> Envelope-to: jonat...@fluent.ltd.uk
> Received: from [40.107.8.121] (port=28758 helo=EUR04-VI1-obe.outbound.protection.outlook.com)
>     by mail.fluent.ltd.uk with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
>     (Exim 4.92.3 (FreeBSD))
>     (envelope-from <mic...@blah.com>)
>     id 1khtN9-000MY4-Sb
>     for jonat...@fluent.ltd.uk; Wed, 25 Nov 2020 11:54:11 +0000
> ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
>     b=W28N/723guQOuCSXW1Naa+37KEO6bHZx26TLYZrztvBdCeaPxCdDFBIl+3XogEQ02FI6sgs8jyyEpdOu5r6pzv5VYaSLeSK3bKpVUBXJd81rrBOD6CP2v51wbJiZPqWtyjKitI1C4VspnqYd3MaT2P5zcxvMlFXoFwJ1zfBB+0KJ2+0VvmyKySB8QwiSPzoRmYbIWYSfx0kjBkkcXPlicxBsWp7Acnrejf7tOFMoG/G2MYjVyYlKgdr+eBYN3X/x8KBerjMoxKnko5Ifbr8C048UCIm8t4DwYW0edA+SCyoubaaA90Wb025nZ1m3Hw+DgUeH10Ry5meaUASxLaX0rw==
> ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
>     s=arcselector9901;
>     h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
>     bh=uG0lvf0QC6HBaYnHSOFl85l4r9bpThL5UiE/bSuehSU=;
>     b=aNFxANvz/1NKpFB4auemXGsVzoT9ZTmatvS6EE3J2/ixLDR/UVALA/aPOeYuKvh7N2c/yVeMFFRsTn36OyxIus6yh1k6yeVEfmxLCB4lbhANKWhDTJX89dINn90TArp6TIfBfqAw3JQP8LsvWFUFGqrwyfdUmcBmChwyFEKBjAkx5OpKnwKkkgcqkOu2tf2XuZ6byZ/CZB0COTWwlzb4PcRQIhb68OMHvhC7g4UZZm0HsS3WJQpLoOncQMPaYUEMKwjIReBXAGLq8AAR2DdCWTS/K9mGcV5kkYfcGj8tMnA3HHQ0hoHHJWhuoeMcpY50dYYG3XpUOPyj69ec/phlSA==
> ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is
>     104.40.229.156) smtp.rcpttodomain=fluent.ltd.uk smtp.mailfrom=blah.com;
>     dmarc=bestguesspass action=none header.from=blah.com; dkim=none (message
>     not signed); arc=none
> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=blah.com;
>     s=selector2;
>     h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
>     bh=uG0lvf0QC6HBaYnHSOFl85l4r9bpThL5UiE/bSuehSU=;
>     b=FrGoYe/6s3IKRB11KHYxB6lNtvb0bao75MycN+7aKBfDXpV1CEpblk80zn0+vg408wVgeH5EQhcMU05dhlJhnAUrCWcdUfWFpnkC9ytfhbppq0MkT/buDDT4iQVEdg6dpwhD/zSuo0hR7QFQr4yI3bNGs/h5KtSkYEkZT8j3FmI=
> Received: from MR2P264CA0080.FRAP264.PROD.OUTLOOK.COM (2603:10a6:500:32::20)
>     by AS8PR10MB4533.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:2b5::23) with
>     Microsoft SMTP Server (version=TLS1_2,
>     cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.22; Wed, 25 Nov
>     2020 11:54:07 +0000
> Received: from VE1EUR03FT009.eop-EUR03.prod.protection.outlook.com
>     (2603:10a6:500:32:cafe::94) by MR2P264CA0080.outlook.office365.com
>     (2603:10a6:500:32::20) with Microsoft SMTP Server (version=TLS1_2,
>     cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3611.20 via Frontend
>     Transport; Wed, 25 Nov 2020 11:54:07 +0000
> X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 104.40.229.156)
>     smtp.mailfrom=blah.com; fluent.ltd.uk; dkim=none (message not signed)
>     header.d=none;fluent.ltd.uk; dmarc=bestguesspass action=none
>     header.from=blah.com;
> Received-SPF: Pass (protection.outlook.com: domain of blah.com designates
>     104.40.229.156 as permitted sender) receiver=protection.outlook.com;
>     client-ip=104.40.229.156; helo=eu1.smtp.exclaimer.net;
> Received: from eu1.smtp.exclaimer.net (104.40.229.156) by
>     VE1EUR03FT009.mail.protection.outlook.com (10.152.18.92) with Microsoft SMTP
>     Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
>     15.20.3589.20 via Frontend Transport; Wed, 25 Nov 2020 11:54:06 +0000
> Received: from EUR05-AM6-obe.outbound.protection.outlook.com (104.47.18.113)
>     by eu1.smtp.exclaimer.net (104.40.229.156) with Exclaimer Signature Manager
>     ESMTP Proxy eu1.smtp.exclaimer.net (tlsversion=TLS12,
>     tlscipher=TLS_ECDHE_WITH_AES256_SHA384); Wed, 25 Nov 2020 11:54:06 +0000
> X-ExclaimerHostedSignatures-MessageProcessed: true
> X-ExclaimerProxyLatency: 23783642
> X-ExclaimerImprintLatency: 3521053
> X-ExclaimerImprintAction: c8cf8f81e33e4173b5019c0de3b7dbfa
> Content-Type: multipart/related;
>     boundary="----_=_NextPart_45edd4ec-206f-41a5-909b-f03baaa1763d"
> Received: from AM6PR10MB2216.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:51::18)
>     by AS8PR10MB4598.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:2b5::22) with
>     Microsoft SMTP Server (version=TLS1_2,
>     cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3589.28; Wed, 25 Nov
>     2020 11:54:01 +0000
> Received: from AM6PR10MB2216.EURPRD10.PROD.OUTLOOK.COM
>     ([fe80::ad9b:7ad7:d894:265d]) by AM6PR10MB2216.EURPRD10.PROD.OUTLOOK.COM
>     ([fe80::ad9b:7ad7:d894:265d%5]) with mapi id 15.20.3589.025; Wed, 25 Nov 2020
>     11:54:01 +0000
> From: Michas Rapf <mic...@blah.com>
> To: Jonathan Gilpin <jonat...@fluent.ltd.uk>
> Thread-Topic: Comcast Abuse Report
> Thread-Index: AQHWwyDbVkxJnu70vkWSP/mbjQ9CC6nYvQ04
> Date: Wed, 25 Nov 2020 11:54:00 +0000
> Message-ID: <am6pr10mb22161c3d102dea421f6e65cac6...@am6pr10mb2216.eurprd10.prod.outlook.com>
> References: <01eqxdvy8qwx916f51r51e718w....@bounce.mailstream.senderscore.net>,
>     <dfd39e7b-bc12-4ec0-9d43-39c97eb90...@fluent.ltd.uk>
> In-Reply-To: <dfd39e7b-bc12-4ec0-9d43-39c97eb90...@fluent.ltd.uk>
> Accept-Language: en-GB, en-US
> X-MS-Has-Attach:
> X-MS-TNEF-Correlator:
> Authentication-Results-Original: fluent.ltd.uk; dkim=none (message not signed)
>     header.d=none;fluent.ltd.uk; dmarc=none action=none header.from=blah.com;
> x-originating-ip: [86.129.191.88]
> x-ms-publictraffictype: Email
> X-MS-Office365-Filtering-Correlation-Id: 39551bfc-0a24-4f5e-b8cb-08d89138d010
> x-ms-traffictypediagnostic: AS8PR10MB4598:|AS8PR10MB4533:
> X-Microsoft-Antispam-PRVS: <as8pr10mb4533cf58c4eb3d16f4bae770c6...@as8pr10mb4533.eurprd10.prod.outlook.com>
> x-ms-oob-tlc-oobclassifiers: OLM:8882;OLM:8882;
> X-MS-Exchange-SenderADCheck: 1
> X-Microsoft-Antispam-Untrusted: BCL:0;
> X-Microsoft-Antispam-Message-Info-Original: AodMuHq3ZaW61ibAVvYcyN9wUHXbjrFo8MiITzhydRNYfsyi7cMhZxyFqdgd/K2c5VtKno6pQZPLEGjSCsLtxhAWLVHiFKL0Jy1E+d2XWWUUDGRnZp7/6qjsUWO27QqTkEX/6lEW4DVfdgxQYr614LtwC6jIkm3tSy1kufFeO9dbnzbiurarULDk6adMtFEeNwjVt6iIaX0fZvQbh/HBHF+dbztkwpNgYOirKV7NjzyQSAz1leOGTcbpfIFjT7P1BPerQ8oV4pAXYQf1O3N7bPjoZ5SBs/j451diWmOjFGn+ijRTCThpTte7KRXBswry1FnHUSPKF2Ca7kn2EemxVZL4vzToiS5dedYuDuFHu+uhzdS2SL77qg3LyxH3vC8QSSr6tZ48K/f8KFj6Whgykw==
> X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:AM6PR10MB2216.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(376002)(366004)(396003)(346002)(39840400004)(136003)(76236003)(478600001)(186003)(66946007)(3480700007)(8936002)(33656002)(9686003)(55016002)(83380400001)(26005)(52536014)(86362001)(7066003)(71200400001)(5660300002)(7116003)(16799955002)(6506007)(53546011)(2906002)(8676002)(316002)(7696005)(76116006)(19627405001)(66446008)(64756008)(6916009)(66476007)(166002)(66556008)(559001)(579004);DIR:OUT;SFP:1102;
> x-ms-exchange-antispam-messagedata:
> x-ms-exchange-transport-forked: True
> MIME-Version: 1.0
> X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR10MB4598
> X-EOPAttributedMessage: 0
> X-MS-Exchange-Transport-CrossTenantHeadersStripped: VE1EUR03FT009.eop-EUR03.prod.protection.outlook.com
> X-MS-Office365-Filtering-Correlation-Id-Prvs: 925da4d8-d491-4078-39c2-08d89138cd03
> X-Microsoft-Antispam: BCL:0;
> X-Microsoft-Antispam-Message-Info: 6JGPEgxe1fCJmQ7o0AAKLaXanBxDlA5RQICgs6kWctg3o5mE56buF1tXj3bkqkSz2hoZeZHmXPNCexFQTLdH3W4F1w8UI3qCmz5lSsIu3ejDphcZRKyPS4gV68k4zlRPQAN30fqoBHrEZJMFupuUJtYeiuMqITRPlpPeMAwdSfkVGnKhQcia5Opou5saowCp3hyYyh58t4w0v0jKt578VsFWByEmFfuV0k9zvGbhzdFTjQKGf8UnEcWQklqQ6TbfSwsTffep37ZNimAAPxUNE+N7/3LdlRRda9Aus7WaPIodOklPyrgsJVartF69xQU5XAIQFpbIKFzqWrWBtT4q63kGgc7c8pqKR+o7Yc4u4KCoIUp1RXUU6AwJjL3EHv4Sjt9HVnPonQ7ftM82XfXwxJYVwO6vwSR40HPElcQktpTk1mEBmsUV1uHgB+meoULhmzy6TcQDUSXgIoWlLpnQ0uNFUtKgZv4dKsCDg6gCC4yNUK4I+cOCmAG/sOSBbRgn
> X-Forefront-Antispam-Report: CIP:104.40.229.156;CTRY:NL;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:eu1.smtp.exclaimer.net;PTR:eu1.smtp.exclaimer.net;CAT:NONE;SFS:(346002)(376002)(396003)(136003)(39840400004)(46966005)(8676002)(52536014)(33964004)(30864003)(7116003)(16799955002)(336012)(7696005)(6916009)(70206006)(47076004)(82310400003)(478600001)(76236003)(6506007)(8936002)(2906002)(53546011)(7636003)(7596003)(83380400001)(33656002)(356005)(26005)(186003)(19627405001)(166002)(66576008)(5660300002)(9686003)(55016002)(15974865002)(86362001)(316002)(7066003)(70586007)(3480700007)(130860200001)(579004)(559001);DIR:OUT;SFP:1102;
> X-OriginatorOrg: blah.com
> X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Nov 2020 11:54:06.3270 (UTC)
> X-MS-Exchange-CrossTenant-Network-Message-Id: 39551bfc-0a24-4f5e-b8cb-08d89138d010
> X-MS-Exchange-CrossTenant-Id: 29330ce7-8bee-4b7f-96d8-1066707d22b5
> X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=29330ce7-8bee-4b7f-96d8-1066707d22b5;Ip=[104.40.229.156];Helo=[eu1.smtp.exclaimer.net]
> X-MS-Exchange-CrossTenant-AuthSource: VE1EUR03FT009.eop-EUR03.prod.protection.outlook.com
> X-MS-Exchange-CrossTenant-AuthAs: Anonymous
> X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
> X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR10MB4533
> X-SA-Exim-Connect-IP: 40.107.8.121
> X-SA-Exim-Mail-From: mic...@blah.com
> Subject: Re: Comcast Abuse Report
> X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on as001.fluent.ltd.uk
> X-Spam-Flag: YES
> X-Spam-Level: *****
> X-Spam-Status: Yes, score=5.0 required=4.4 tests=DKIM_SIGNED,DKIM_VALID,
>     DKIM_VALID_AU,DKIM_VALID_EF,HTML_FONT_FACE_BAD,HTML_FONT_LOW_CONTRAST,
>     HTML_IMAGE_RATIO_08,HTML_MESSAGE,LONGWORD,LOTS_OF_MONEY,MD5_CONTENT,
>     MR_NOT_ATTRIBUTED_IP,RCVD_IN_CBL,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,
>     RCVD_IN_SBL_CSS,RCVD_IN_SBL_XBL,RCVD_IN_SORBS,RDNS_NONE,SPF_HELO_PASS,
>     SPF_PASS,TW_VB,URIBL_BLOCKED autolearn=disabled version=3.4.4
> X-Spam-Report:
>     *  0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
>     *      blocked. See
>     *      http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
>     *      for more information.
>     *      [URIs: blah.com]
>     *  1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
>     *      [Blocked - see <http://www.abuseat.org/lookup.cgi?ip=86.129.191.88>]
>     * -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
>     *      [40.107.8.121 listed in wl.mailspike.net]
>     * -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
>     *      https://www.dnswl.org/, no trust
>     *      [40.107.8.121 listed in list.dnswl.org]
>     *  1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
>     *      [86.129.191.88 listed in sbl-xbl.spamhaus.org]
>     *  3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
>     *      [86.129.191.88 listed in zen.spamhaus.org]
>     *  0.7 MR_NOT_ATTRIBUTED_IP Beta rule: a non-attributed IPv4 found in
>     *      headers
>     * -0.7 SPF_HELO_PASS SPF: HELO matches SPF record
>     * -0.6 SPF_PASS SPF: sender matches SPF record
>     *  0.1 LONGWORD BODY: Uses overlong words
>     *  0.1 TW_VB BODY: Odd Letter Triples with VB
>     * -0.1 MD5_CONTENT BODY: Contains MD5 hash.
>     *  0.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word
>     *  0.0 HTML_IMAGE_RATIO_08 BODY: HTML has a low ratio of text to image
>     *      area
>     *  0.0 HTML_MESSAGE BODY: HTML included in message
>     *  0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or
>     *      identical to background
>     * -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
>     *      author's domain
>     * -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
>     *      envelope-from domain
>     * -1.5 DKIM_VALID Message has at least one valid DKIM or DK signature
>     *  0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
>     *      valid
>     *  0.5 RDNS_NONE Delivered to internal network by a host with no rDNS
>     *  0.0 LOTS_OF_MONEY Huge... sums of money
>     *  0.1 RCVD_IN_SORBS No description available.
> X-SA-Exim-Version: 4.2
> X-SA-Exim-Scanned: Yes (on mail.fluent.ltd.uk)
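To make the "deep header parsing" point concrete, here is an added example (my own code, not from the thread and not SpamAssassin's implementation) that models how a relay chain is built from the Received: headers and why the x-originating-ip value ends up in the DNSBL lookups. It is a simplified model: it only picks IPv4 addresses out of the "from ... by" clause, the trust walk (trusted hops from the top until the first untrusted one) is a sketch of what trusted_networks does rather than a copy of it, the header list in DEFAULT_ORIGINATING_IP_HEADERS is what I recall as the default of SpamAssassin's originating_ip_headers option (verify against the Mail::SpamAssassin::Conf shipped with your version), and the trusted network 40.107.8.121/32 is an assumption standing in for whatever Office 365 hosts hand mail to your Exim. The sample headers are a constructed, trimmed copy of the chain quoted above, with the elided addresses left out.

```python
import re
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed sample: a trimmed copy of the Received chain and the
# x-originating-ip header quoted in the thread (elided addresses left out).
SAMPLE = """\
Received: from [40.107.8.121] (port=28758 helo=EUR04-VI1-obe.outbound.protection.outlook.com)
    by mail.fluent.ltd.uk with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.92.3 (FreeBSD)) id 1khtN9-000MY4-Sb; Wed, 25 Nov 2020 11:54:11 +0000
Received: from eu1.smtp.exclaimer.net (104.40.229.156) by
    VE1EUR03FT009.mail.protection.outlook.com (10.152.18.92) with Microsoft SMTP
    Server; Wed, 25 Nov 2020 11:54:06 +0000
Received: from EUR05-AM6-obe.outbound.protection.outlook.com (104.47.18.113)
    by eu1.smtp.exclaimer.net (104.40.229.156) with Exclaimer Signature Manager
    ESMTP Proxy; Wed, 25 Nov 2020 11:54:06 +0000
x-originating-ip: [86.129.191.88]
Subject: Re: Comcast Abuse Report

(body omitted)
"""

# Header names SpamAssassin's originating_ip_headers option consults by
# default, as I recall them (assumption; check your installed Conf.pm).
DEFAULT_ORIGINATING_IP_HEADERS = (
    "X-Yahoo-Post-IP", "X-Originating-IP", "X-Apparently-From", "X-SenderIP",
)

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
FROM_CLAUSE = re.compile(r"^from\s+(.*?)\s+by\s", re.I)


def relay_chain(raw, originating_ip_headers=DEFAULT_ORIGINATING_IP_HEADERS):
    """Return (ip, source_header) pairs, newest hop first.

    Each Received: header contributes the first IPv4 address in its
    'from ... by' clause (the connecting client); IPv6-only hops are skipped
    in this simplified model. IPs found in originating_ip_headers are then
    appended as if they were older hops, which is how SpamAssassin treats them.
    """
    msg = message_from_string(raw)
    chain = []
    for rcvd in msg.get_all("Received", []):
        m = FROM_CLAUSE.search(" ".join(rcvd.split()))
        if not m:
            continue
        ips = IPV4.findall(m.group(1))
        if ips:
            chain.append((ips[0], "Received"))
    for name in originating_ip_headers:
        for value in msg.get_all(name, []):
            for ip in IPV4.findall(value):
                chain.append((ip, name))
    return chain


def split_trust(chain, trusted_networks=()):
    """Walk newest to oldest: hops inside trusted_networks (or RFC1918/loopback)
    stay trusted until the first hop outside them; every older hop is untrusted.
    Entries taken from originating_ip_headers are always untrusted."""
    nets = [ip_network(n, strict=False) for n in trusted_networks]
    trusted, untrusted = [], []
    boundary_hit = False
    for ip, src in chain:
        addr = ip_address(ip)
        internal = addr.is_private or addr.is_loopback or any(addr in n for n in nets)
        if src == "Received" and not boundary_hit and internal:
            trusted.append((ip, src))
        else:
            boundary_hit = True
            untrusted.append((ip, src))
    return trusted, untrusted


def dnsbl_candidates(raw, trusted_networks=(),
                     originating_ip_headers=DEFAULT_ORIGINATING_IP_HEADERS):
    """IPs a deep-header-parsing RBL rule (RCVD_IN_*) would look up."""
    _, untrusted = split_trust(relay_chain(raw, originating_ip_headers), trusted_networks)
    return [ip for ip, _ in untrusted]


if __name__ == "__main__":
    # Assumption: the Office 365 host that hands mail to Exim is trusted.
    trusted_nets = ("40.107.8.121/32",)
    for ip, src in relay_chain(SAMPLE):
        print(f"{src:18} {ip}")
    print("lookups with X-Originating-IP honoured:",
          dnsbl_candidates(SAMPLE, trusted_nets))
    print("lookups with originating_ip_headers cleared:",
          dnsbl_candidates(SAMPLE, trusted_nets, originating_ip_headers=()))
```

Run as-is, the 86.129.191.88 entry shows up in the lookup list only because of the x-originating-ip header, which matches what the report above shows: every Received: hop is a Microsoft or Exclaimer host, and the BT address appears in no Received: line at all. If you want SpamAssassin to stop treating that header as a relay, the knob as I recall it is clear_originating_ip_headers in local.cf, optionally followed by originating_ip_headers with the names you still want; adding the Office 365 outbound ranges to trusted_networks moves the trust boundary for the Received: hops but, in my understanding, does not stop the originating-IP entries from being checked.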