On 08/25/2014 04:51 AM, Alex wrote:
> Hi all,
>
> I'm having difficulty understanding this one:
>
> http://pastebin.com/LYJVas5e
>
> It looks like a host in Japan relayed this message through a few systems
> within trendmicro.com, then on to our system before being tagged as
> obvious spam. The part I don't understand is, why is Trend involved with
> this? Is one of their systems compromised?
>
You should ask them :)

> I'm also wondering why out13.sjc.mx.trendmicro.com in the one Received
> header shows as an invalid fqdn when it resolves fine here to the IP in
> the header.
>
> Received: from out13.sjc.mx.trendmicro.com (unknown [216.99.131.50])

Maybe they disabled DNS lookups on their relayhosts since they don't care
about the data: they own the hosts so they are already known. As for the
hostname of the customer that sent the message: they probably use some
non-visible way to easily relate the message to a customer (f.i. SMTP auth).

> # host out13.sjc.mx.trendmicro.com
> out13.sjc.mx.trendmicro.com has address 216.99.131.50
> # host 216.99.131.50
> 50.131.99.216.in-addr.arpa domain name pointer out13.sjc.mx.trendmicro.com.
>
>
> Thanks,
> Alex
>
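An added example, not code from the thread or from Postfix: it parses the "from HELO (RDNS [IP])" clause Postfix writes into a Received: header and re-runs the forward-confirmed reverse DNS (FCrDNS) check that Postfix performs before it will record anything other than "unknown". The point it shows is that "unknown" covers three different situations (no PTR, a PTR that does not resolve back to the IP, or lookups switched off with smtpd_peername_lookups = no), so you have to compare the header with your own lookup to tell them apart. The first sample header and the trendmicro PTR/A data are the ones quoted above; the other headers, the mx.example.org / mail.example.net names and the 198.51.100.x / 203.0.113.x addresses are constructed for the example, and the offline resolver is a stand-in for real DNS.

```python
import re
import socket
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Postfix records the SMTP client as "from HELO (RDNS [IP])". RDNS is the
# literal "unknown" when the relay had no *verified* name for the client:
# PTR missing, PTR not confirmed by a forward lookup, or lookups disabled.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[]+)\s+\[(?P<ip>[0-9.]+)\]\)"
)


@dataclass(frozen=True)
class Hop:
    helo: str   # name the client announced in HELO/EHLO (unverified)
    rdns: str   # name the relay recorded after its own lookup, or "unknown"
    ip: str     # client address as seen by the relay


def parse_received(header: str) -> Optional[Hop]:
    """Extract HELO name, relay-recorded reverse name and IP from one Received: header."""
    m = RECEIVED_RE.search(header)
    return Hop(m["helo"], m["rdns"], m["ip"]) if m else None


class StaticResolver:
    """Constructed offline stand-in for DNS so the example runs without network."""

    def __init__(self, ptr: Dict[str, List[str]], a: Dict[str, List[str]]):
        self.ptr, self.a = ptr, a

    def reverse(self, ip: str) -> List[str]:
        return self.ptr.get(ip, [])

    def forward(self, name: str) -> List[str]:
        return self.a.get(name, [])


class LiveResolver:
    """Real lookups through the socket module; swap this in for an actual audit."""

    def reverse(self, ip: str) -> List[str]:
        try:
            host, aliases, _ = socket.gethostbyaddr(ip)
            return [host, *aliases]
        except OSError:
            return []

    def forward(self, name: str) -> List[str]:
        try:
            return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
        except OSError:
            return []


def fcrdns(ip: str, resolver) -> Optional[str]:
    """Forward-confirmed reverse DNS: the PTR name that resolves back to ip, else None."""
    for name in resolver.reverse(ip):
        if ip in resolver.forward(name):
            return name.rstrip(".")
    return None


def classify(hop: Hop, resolver) -> str:
    """Compare what the relay wrote into the header with what DNS says now."""
    name = fcrdns(hop.ip, resolver)
    if hop.rdns == "unknown":
        if name is None:
            return "unknown-unresolvable"     # still no verified name today
        # Resolvable now: the relay skipped lookups (smtpd_peername_lookups = no)
        # or DNS failed at the moment the message was received.
        return "unknown-but-resolvable"
    if name == hop.rdns.rstrip("."):
        return "verified"
    return "mismatch"  # relay's recorded name no longer confirms: worth a closer look


def audit(headers: List[str], resolver) -> List[Tuple[str, str]]:
    """Classify every parseable Received: header, keeping message order."""
    hops = [parse_received(h) for h in headers]
    return [(hop.ip, classify(hop, resolver)) for hop in hops if hop is not None]


# Constructed sample data. The first header and the trendmicro records are
# quoted from the thread; everything else is invented for illustration.
SAMPLE_HEADERS = [
    "Received: from out13.sjc.mx.trendmicro.com (unknown [216.99.131.50]) by mx.example.org",
    "Received: from mail.example.net (mail.example.net [198.51.100.7]) by mx.example.org",
    "Received: from foo.example.com (unknown [203.0.113.9]) by mx.example.org",
]

OFFLINE_DNS = StaticResolver(
    ptr={
        "216.99.131.50": ["out13.sjc.mx.trendmicro.com"],  # matches `host` output above
        "198.51.100.7": ["mail.example.net"],              # constructed: PTR with no matching A
    },
    a={
        "out13.sjc.mx.trendmicro.com": ["216.99.131.50"],
        "mail.example.net": ["198.51.100.8"],              # constructed: points elsewhere
    },
)

if __name__ == "__main__":
    for ip, verdict in audit(SAMPLE_HEADERS, OFFLINE_DNS):
        print(f"{ip:16} {verdict}")
```

Run against the constructed resolver, the quoted trendmicro hop comes out as "unknown-but-resolvable", which is exactly the situation in the thread: the receiving relay wrote "unknown" even though PTR and A records agree today. Replace OFFLINE_DNS with LiveResolver() to audit real headers; the HELO name is deliberately never used for the verdict, since the client chooses it.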