John Rudd wrote:
> b) spiegl.de has 1-5 MX records, and one of them has 1-5 A records, one
> of which resolves to the submitting relay (87.152.143.202).

Hm, but why would I want to put this dynamic IP into the list of MXs? The soho mailserver doesn't accept mails from outside. Shouldn't the BOTNET_SOHO look at the Received:-line of the provider's mailserver?

> Received: from condor.int.spiegl.de (p57988fca.dip.t-dialin.net
>  [87.152.143.202])
>  by sienna.XXXX.de via kasmail (3.1)
>  id <1IgQ30-4tK-1-sienna>; Tue, 24 Apr 2007 18:47:30 GMT

As sienna.XXXX.de is one of the MXs for spiegl.de that should be enough to legitimate mails from there, no?

Or asked differently: how does the BOTNET code figure out which one is the "submitting relay" and why does it choose the wrong one? :-)

Thanks,
Andy.

-- 
May all your PUSHes be POPped.
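The rule quoted as b) above, written out as an added example (not part of this thread and not the Botnet plugin's own code): it runs the MX and A record comparison against constructed DNS data and shows that the dial-up address from the Received: line fails it. The function name `relay_matches_mx`, the placeholder MX host `mx1.provider.example` and its address 192.0.2.10 are assumptions made for illustration.

```python
import ipaddress

# Constructed DNS data for illustration only; no real lookups are made.
# mx1.provider.example stands in for the provider's MX host.
SAMPLE_DNS = {
    "MX": {"spiegl.de": ["mx1.provider.example"]},
    "A": {"mx1.provider.example": ["192.0.2.10"]},
}


def relay_matches_mx(domain, relay_ip, dns=SAMPLE_DNS, lo=1, hi=5):
    """Apply quoted rule b): the domain has lo..hi MX records, and one MX
    has lo..hi A records, one of which equals the submitting relay's IP.
    Returns (matched, reason)."""
    relay = ipaddress.ip_address(relay_ip)
    mx_hosts = dns["MX"].get(domain, [])
    if not lo <= len(mx_hosts) <= hi:
        return False, f"{domain} has {len(mx_hosts)} MX records (need {lo}-{hi})"
    for host in mx_hosts:
        addrs = dns["A"].get(host, [])
        if not lo <= len(addrs) <= hi:
            continue  # this MX does not satisfy the A record bound
        if any(ipaddress.ip_address(a) == relay for a in addrs):
            return True, f"{relay} is an A record of MX {host}"
    return False, f"{relay} is not an A record of any MX for {domain}"


if __name__ == "__main__":
    # The dial-up address from the Received: line, then the MX's own address.
    for ip in ("87.152.143.202", "192.0.2.10"):
        print(ip, relay_matches_mx("spiegl.de", ip))
```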