November 30, 2011

L2.APEWS.ORG False Positive #4

This is only the fourth false positive in as many weeks, and the sending IP wasn't listed before, as the client said the newsletter used to arrive in the inbox:

Mon 2011-11-28 17:33:49: [672:3108] Accepting SMTP connection from [129.228.5.23]
Mon 2011-11-28 17:33:49: [672:3108] Looking up PTR record for 129.228.5.23 (23.5.228.129.IN-ADDR.ARPA)
Mon 2011-11-28 17:33:49: [672:3108] D=23.5.228.129.in-addr.arpa TTL=(60) PTR=[mtv-newsletter4.mms.mtv.com]
Mon 2011-11-28 17:33:49: [672:3108] Gathering A-records for PTR hosts
Mon 2011-11-28 17:33:50: [672:3108] D=mtv-newsletter4.mms.mtv.com TTL=(1440) A=[129.228.5.23]
Mon 2011-11-28 17:33:50: [672:3108] --> 220 xxx.xxx.xxx ESMTP MDaemon 6.7.9; Mon, 28 Nov 2011 17:33:50 -0500
Mon 2011-11-28 17:33:50: [672:3108] <-- EHLO mtv-newsletter4.mms.mtv.com
Mon 2011-11-28 17:33:50: [672:3108] Performing reverse lookup on mtv-newsletter4.mms.mtv.com (looking for 129.228.5.23)
Mon 2011-11-28 17:33:50: [672:3108] D=mtv-newsletter4.mms.mtv.com TTL=(1440) A=[129.228.5.23]
Mon 2011-11-28 17:33:50: [672:3108] --> 250-xxx.xxx.xxx Hello mtv-newsletter4.mms.mtv.com, pleased to meet you
Mon 2011-11-28 17:33:50: [672:3108] --> 250-ETRN
Mon 2011-11-28 17:33:50: [672:3108] --> 250-AUTH=LOGIN
Mon 2011-11-28 17:33:50: [672:3108] --> 250-AUTH LOGIN CRAM-MD5
Mon 2011-11-28 17:33:50: [672:3108] --> 250-8BITMIME
Mon 2011-11-28 17:33:50: [672:3108] --> 250 SIZE 0
Mon 2011-11-28 17:33:50: [672:3108] <-- MAIL FROM:
Mon 2011-11-28 17:33:50: [672:3108] Performing reverse lookup on mms.mtv.com (looking for 129.228.5.23)
Mon 2011-11-28 17:33:50: [672:3108] D=mms.mtv.com TTL=(1440) A=[129.228.5.22]
Mon 2011-11-28 17:33:50: [672:3108] P=010 D=mms.mtv.com TTL=(1440) MX=[mailin.strongmail.west.mtvi.com] {129.228.1.185}
Mon 2011-11-28 17:33:50: [672:3108] Spam Blocker A-record resolution of [23.5.228.129.l2.apews.org] in progress (DNS Server: 192.168.1.2)...
Mon 2011-11-28 17:33:51: [672:3108] Spam Blocker D=23.5.228.129.l2.apews.org TTL=(35) A=[127.0.0.2]
Mon 2011-11-28 17:33:51: [672:3108] APEWS listed, 99.7% certain it is spam
Mon 2011-11-28 17:33:51: [672:3108] Message will be accepted and X-RBL-Warning: header will be inserted.
Mon 2011-11-28 17:33:51: [672:3108] --> 250 , Sender ok
Mon 2011-11-28 17:33:51: [672:3108] <-- RCPT TO:
Mon 2011-11-28 17:33:51: [672:3108] --> 250 , Recipient ok
Mon 2011-11-28 17:33:51: [672:3108] <-- DATA
Mon 2011-11-28 17:33:51: [672:3108] --> 354 Enter mail, end with .
Mon 2011-11-28 17:33:52: [672:3108] --> 250 Ok, message saved
Mon 2011-11-28 17:33:52: [672:3108] <-- QUIT
Mon 2011-11-28 17:33:52: [672:3108] --> 221 See ya in cyberspace
Mon 2011-11-28 17:33:52: [672:3108] SMTP session successful, 10320 bytes transferred.
Mon 2011-11-28 17:33:52: [672:3108] Shuffling message(s) into proper queue(s)
Mon 2011-11-28 17:33:52: [672:3108] Message received from mtv-newsletter4.mms.mtv.com [129.228.5.23] with SMTP for [Size 10309] {j:\localq\md00000000000.msg}
Mon 2011-11-28 17:33:52: ----------

As you can see from the headers, this is MTV's newsletter. Watch this space: we'll check again in a day or two and report back.
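An added example, not part of the original post or of MDaemon: a Python pass over session logs in the format shown above that pairs each Spam Blocker hit with whether the client's PTR host resolves back to the connecting IP, so listings like this one can be pulled out for review first. The second session in the sample and the function name `triage` are constructed for illustration.

```python
import re

# Session 672:3108 is excerpted from the log in this post; session 672:3200 is
# constructed (documentation addresses) to show a listing without matching rDNS.
SAMPLE_LOG = """\
Mon 2011-11-28 17:33:49: [672:3108] Accepting SMTP connection from [129.228.5.23]
Mon 2011-11-28 17:33:49: [672:3108] D=23.5.228.129.in-addr.arpa TTL=(60) PTR=[mtv-newsletter4.mms.mtv.com]
Mon 2011-11-28 17:33:50: [672:3108] D=mtv-newsletter4.mms.mtv.com TTL=(1440) A=[129.228.5.23]
Mon 2011-11-28 17:33:51: [672:3108] Spam Blocker D=23.5.228.129.l2.apews.org TTL=(35) A=[127.0.0.2]
Mon 2011-11-28 17:40:02: [672:3200] Accepting SMTP connection from [192.0.2.77]
Mon 2011-11-28 17:40:02: [672:3200] D=77.2.0.192.in-addr.arpa TTL=(60) PTR=[host.example.net]
Mon 2011-11-28 17:40:03: [672:3200] D=host.example.net TTL=(1440) A=[198.51.100.9]
Mon 2011-11-28 17:40:03: [672:3200] Spam Blocker D=77.2.0.192.l2.apews.org TTL=(35) A=[127.0.0.2]
"""

LINE = re.compile(r"\[(\d+:\d+)\] (.*)$")          # session id, then the message
CONNECT = re.compile(r"Accepting SMTP connection from \[([\d.]+)\]")
PTR = re.compile(r"PTR=\[([^\]]+)\]")
DNSBL = re.compile(r"Spam Blocker D=(\S+) TTL=\(\d+\) A=\[(127\.[\d.]+)\]")
A_REC = re.compile(r"^D=(\S+) TTL=\(\d+\) A=\[([\d.]+)\]")

def triage(log_text):
    """Return one record per DNSBL hit, with the session's forward-confirmed rDNS result."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        sid, msg = m.groups()
        s = sessions.setdefault(sid, {"ip": None, "ptr": set(), "a": {}, "hits": []})
        if c := CONNECT.search(msg):
            s["ip"] = c.group(1)
        elif p := PTR.search(msg):
            s["ptr"].add(p.group(1).lower())
        elif d := DNSBL.search(msg):
            s["hits"].append(d.groups())
        elif a := A_REC.search(msg):
            s["a"].setdefault(a.group(1).lower(), set()).add(a.group(2))
    report = []
    for sid, s in sessions.items():
        if not s["ip"]:                              # session began before this log excerpt
            continue
        rev = ".".join(reversed(s["ip"].split("."))) + "."
        fcrdns = any(s["ip"] in s["a"].get(h, ()) for h in s["ptr"])
        for qname, code in s["hits"]:
            if qname.startswith(rev):                # query is about the connecting IP
                report.append({"session": sid, "ip": s["ip"], "zone": qname[len(rev):],
                               "code": code, "fcrdns": fcrdns})
    return report
```

A hit with `fcrdns` set to `True` is only a prompt to look at the listing sooner; matching reverse DNS does not by itself show the sender is legitimate.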

1 comment:

  1. Having checked that IP address again, we find that it is no longer listed in Apews, great.
