> 
> For those that would like to investigate, the messages are in the
> attached ZIP.  It looks like simple Spamming but I can not assure
> there are no other issues of concern.
> 

Put full (redacted) plaint text source message. I can't believe that message 
headers do not contain ip addresses. What is this 202.29.234.42?

Your spamassassin should not even be processing messages from 202.29.234.42. 
Your incoming mail server should not accept mail from ip's that do no have a 
correct reverse[2]. Then it is on a dnsbl. So it should be stopped at that 
stage.


[1]
[@scripts]# testrbl.sh 202.29.234.42
202.29.234.42
 zen.spamhaus.org 127.0.0.11 "https://www.spamhaus.org/query/ip/202.29.234.42";
 bl.spamcop.net
 dul.rbl-dns.com
 rbl.xxxx.xxx
 rblacc.xxxx.xxx
 whitelist.xxxx.xxx


[2]
[@syslog1 scripts]# digall.sh 202.29.234.42
..
202.29.234.31
202.29.234.32
202.29.234.33
202.29.234.34
202.29.234.35
202.29.234.36
202.29.234.37
202.29.234.38
202.29.234.39
202.29.234.40
202.29.234.41
202.29.234.42
202.29.234.43
202.29.234.44
202.29.234.45
202.29.234.46
202.29.234.47
202.29.234.48
202.29.234.49
202.29.234.50
202.29.234.51
202.29.234.52
202.29.234.53
...

[@syslog1 scripts]# digall.sh 209.85.219.47
209.85.219.0
209.85.219.1    mail-qv1-f1.google.com.
209.85.219.2    mail-qv1-f2.google.com.
209.85.219.3    mail-qv1-f3.google.com.
209.85.219.4    mail-qv1-f4.google.com.
209.85.219.5    mail-qv1-f5.google.com.
209.85.219.6    mail-qv1-f6.google.com.
209.85.219.7    mail-qv1-f7.google.com.
209.85.219.8    mail-qv1-f8.google.com.
209.85.219.9    mail-qv1-f9.google.com.

Reply via email to