January 28, 2012

L2.APEWS.ORG False Positive #11

First one this month so far, not bad going. This is another of the sending servers for the travel industry; some of our users found this in their spam folder, incorrectly. It must have been recently listed. I haven't yet checked what the listing says, but as far as we are concerned here, the IP is a trusted source. Here is the email header:

Fri 2012-01-27 16:33:25: [6810:112] Accepting SMTP connection from [205.201.136.59]
Fri 2012-01-27 16:33:25: [6810:112] Looking up PTR record for 205.201.136.59 (59.136.201.205.IN-ADDR.ARPA)
Fri 2012-01-27 16:33:25: [6810:112] D=59.136.201.205.in-addr.arpa TTL=(1440) PTR=[mail59.us4.mandrillapp.com]
Fri 2012-01-27 16:33:25: [6810:112] Gathering A-records for PTR hosts
Fri 2012-01-27 16:33:25: [6810:112] D=mail59.us4.mandrillapp.com TTL=(1440) A=[205.201.136.59]
Fri 2012-01-27 16:33:25: [6810:112] --> 220 xxx.xxx.xxx ESMTP MDaemon 6.7.9; Fri, 27 Jan 2012 16:33:25 -0500
Fri 2012-01-27 16:33:25: [6810:112] <-- EHLO mail59.us4.mandrillapp.com
Fri 2012-01-27 16:33:25: [6810:112] Performing reverse lookup on mail59.us4.mandrillapp.com (looking for 205.201.136.59)
Fri 2012-01-27 16:33:26: [6810:112] D=mail59.us4.mandrillapp.com TTL=(1440) A=[205.201.136.59]
Fri 2012-01-27 16:33:26: [6810:112] --> 250-xxx.xxx.xxx Hello mail59.us4.mandrillapp.com, pleased to meet you
Fri 2012-01-27 16:33:26: [6810:112] --> 250-ETRN
Fri 2012-01-27 16:33:26: [6810:112] --> 250-AUTH=LOGIN
Fri 2012-01-27 16:33:26: [6810:112] --> 250-AUTH LOGIN CRAM-MD5
Fri 2012-01-27 16:33:26: [6810:112] --> 250-8BITMIME
Fri 2012-01-27 16:33:26: [6810:112] --> 250 SIZE 0
Fri 2012-01-27 16:33:26: [6810:112] <-- MAIL FROM: BODY=8BITMIME
Fri 2012-01-27 16:33:26: [6810:112] Performing reverse lookup on mail59.us4.mandrillapp.com (looking for 205.201.136.59)
Fri 2012-01-27 16:33:26: [6810:112] D=mail59.us4.mandrillapp.com TTL=(1439) A=[205.201.136.59]
Fri 2012-01-27 16:33:26: [6810:112] Spam Blocker A-record resolution of [59.136.201.205.L2.APEWS.ORG] in progress (DNS Server: 192.168.1.2)...
Fri 2012-01-27 16:33:26: [6810:112] Spam Blocker D=59.136.201.205.L2.APEWS.ORG TTL=(35) A=[127.0.0.2]
Fri 2012-01-27 16:33:26: [6810:112] L2.APEWS.ORG LISTED
Fri 2012-01-27 16:33:26: [6810:112] Message will be accepted and X-RBL-Warning: header will be inserted.
Fri 2012-01-27 16:33:26: [6810:112] --> 250 , Sender ok
Fri 2012-01-27 16:33:26: [6810:112] <-- RCPT TO:
Fri 2012-01-27 16:33:26: [6810:112] --> 250 , Recipient ok
Fri 2012-01-27 16:33:26: [6810:112] <-- DATA
Fri 2012-01-27 16:33:26: [6810:112] --> 354 Enter mail, end with .
Fri 2012-01-27 16:33:27: [6810:112] --> 250 Ok, message saved
Fri 2012-01-27 16:33:27: [6810:112] <-- QUIT
Fri 2012-01-27 16:33:27: [6810:112] --> 221 See ya in cyberspace
Fri 2012-01-27 16:33:27: [6810:112] SMTP session successful, 30303 bytes transferred.
Fri 2012-01-27 16:33:27: [6810:112] Shuffling message(s) into proper queue(s)
Fri 2012-01-27 16:33:27: [6810:112] Message received from mail59.us4.mandrillapp.com [205.201.136.59] with SMTP for [Size 32292] {j:\localq\0005140404.msg}

We will check this and report back in due course.
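
An added example (not part of the original post, and not MDaemon's own code): a small Python triage of the session log above that rebuilds the DNSBL query name, checks forward-confirmed reverse DNS, and counts only 127.0.0.0/8 answers as listings. The function names and the trimmed SAMPLE_LOG are assumptions made for the illustration.

```python
import ipaddress
import re

# Lines copied from the session log above (timestamps and session id trimmed).
SAMPLE_LOG = """\
Accepting SMTP connection from [205.201.136.59]
D=59.136.201.205.in-addr.arpa TTL=(1440) PTR=[mail59.us4.mandrillapp.com]
D=mail59.us4.mandrillapp.com TTL=(1440) A=[205.201.136.59]
<-- EHLO mail59.us4.mandrillapp.com
Spam Blocker D=59.136.201.205.L2.APEWS.ORG TTL=(35) A=[127.0.0.2]
L2.APEWS.ORG LISTED
"""
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL return-code range

def reversed_octets(ip):
    return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))

def dnsbl_query_name(ip, zone):
    """Name an IPv4 DNSBL lookup queries: reversed octets, then the zone."""
    return reversed_octets(ip) + "." + zone

def triage(log_text):
    """Summarise one session: peer, FCrDNS result, EHLO match, DNSBL hits."""
    peer = re.search(r"Accepting SMTP connection from \[([\d.]+)\]", log_text)
    if not peer:
        raise ValueError("no connection line found")
    ip = peer.group(1)
    ptr = re.search(r"PTR=\[([^\]]+)\]", log_text)
    ptr_host = ptr.group(1).lower() if ptr else None
    # Forward-confirmed reverse DNS: the PTR host must resolve back to the peer.
    forward = set()
    if ptr_host:
        pat = r"D=" + re.escape(ptr_host) + r" TTL=\(\d+\) A=\[([\d.]+)\]"
        forward = set(re.findall(pat, log_text, re.I))
    ehlo = re.search(r"<-- EHLO (\S+)", log_text)
    prefix, hits = reversed_octets(ip) + ".", []
    for name, code in re.findall(r"Spam Blocker D=(\S+) TTL=\(\d+\) A=\[([\d.]+)\]", log_text):
        # An answer outside 127.0.0.0/8 (e.g. a wildcarded zone) is not a listing.
        if name.startswith(prefix) and ipaddress.ip_address(code) in LISTED_NET:
            hits.append((name[len(prefix):], code))
    return {
        "peer": ip,
        "ptr": ptr_host,
        "fcrdns": ip in forward,
        "ehlo_matches_ptr": bool(ehlo) and ehlo.group(1).lower() == ptr_host,
        "listings": hits,
    }
```

For this session the summary shows a sender with matching PTR, A and EHLO names and a single blocklist hit, which is the pattern worth checking against the list's own record before treating the listing as authoritative.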