He's hitting on 2 different DUL rules, because he's sending directly from his DSL IP to your S/A server. You need to whitelist his IP address, or otherwise have it bypasss S/A scanning.
On Tue, 5 Dec 2006, John Tice wrote: > I have a new client whose mail is scoring way high... several others > on the same server, different domains, score in negative numbers. > Mail sent through a mail script on this domain scores -1.0. I believe > they're using verizon dsl, windows xp w/ outlook or outlook express. > This is just going from one domain to another on the same server > (cpane). I'll send headers if you need them. Do they have a > misconfigured router? > John > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.0 BOTNET_CLIENTWORDS Hostname contains client-like substrings > 0.0 BOTNET_IPINHOSTNAME Hostname contains its own IP address > 1.0 BAYES_40 BODY: Bayesian spam probability is 20 to > 40% > [score: 0.3651] > 0.7 HTML_MESSAGE BODY: HTML included in message > 3.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic > IP address > [71.254.35.168 listed in dnsbl.sorbs.net] > 3.0 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local > SMTP > [71.254.35.168 listed in > combined.njabl.org] > 0.0 BOTNET_CLIENT Hostname looks like a client hostname > 5.0 BOTNET Any Botnet rule hit > > James Smallacombe PlantageNet, Inc. CEO and Janitor [EMAIL PROTECTED] http://3.am =========================================================================
