February 6, 2013

L2.APEWS.ORG False Positive #19

This is the latest false positive that we have; it's been quite a while now. The user subscribed to a newsletter and found this edition in the spam folder:

Wed 2013-02-06 04:24:19: [710:3560] Accepting SMTP connection from [208.73.5.67]
Wed 2013-02-06 04:24:19: [710:3560] Looking up PTR record for 208.73.5.67 (67.5.73.208.IN-ADDR.ARPA)
Wed 2013-02-06 04:24:20: [710:3560] D=67.5.73.208.IN-ADDR.ARPA TTL=(59) PTR=[mail4598.outdoorhub.mkt5196.com]
Wed 2013-02-06 04:24:20: [710:3560] Gathering A-records for PTR hosts
Wed 2013-02-06 04:24:20: [710:3560] D=mail4598.outdoorhub.mkt5196.com TTL=(60) A=[208.73.5.67]
Wed 2013-02-06 04:24:20: [710:3560] --> 220 xxx.xxx.xxx ESMTP MDaemon; Wed, 06 Feb 2013 04:24:20
Wed 2013-02-06 04:24:20: [710:3560] <-- EHLO mail4598.outdoorhub.mkt5196.com
Wed 2013-02-06 04:24:20: [710:3560] Performing reverse lookup on mail4598.outdoorhub.mkt5196.com (looking for 208.73.5.67)
Wed 2013-02-06 04:24:20: [710:3560] D=mail4598.outdoorhub.mkt5196.com TTL=(60) A=[208.73.5.67]
Wed 2013-02-06 04:24:20: [710:3560] --> 250-xxx.xxx.xxx Hello mail4598.outdoorhub.mkt5196.com, pleased to meet you
Wed 2013-02-06 04:24:20: [710:3560] --> 250-ETRN
Wed 2013-02-06 04:24:20: [710:3560] --> 250-AUTH=LOGIN
Wed 2013-02-06 04:24:20: [710:3560] --> 250-AUTH LOGIN CRAM-MD5
Wed 2013-02-06 04:24:20: [710:3560] --> 250-8BITMIME
Wed 2013-02-06 04:24:20: [710:3560] --> 250 SIZE 0
Wed 2013-02-06 04:24:21: [710:3560] <-- MAIL FROM:<xxx @ bounce.outdoorhub.mkt5196.com> BODY=8BITMIME
Wed 2013-02-06 04:24:21: [710:3560] Performing reverse lookup on bounce.outdoorhub.mkt5196.com (looking for 208.73.5.67)
Wed 2013-02-06 04:24:21: [710:3560] D=bounce.outdoorhub.mkt5196.com TTL=(60) A=[74.121.50.42]
Wed 2013-02-06 04:24:21: [710:3560] P=005 D=bounce.outdoorhub.mkt5196.com TTL=(60) MX=[bounce.outdoorhub.mkt5196.com] {74.121.50.42}
Wed 2013-02-06 04:24:21: [710:3560] Spam Blocker A-record resolution of [67.5.73.208.L2.APEWS.ORG] in progress (DNS Server: 192.168.1.2)...
Wed 2013-02-06 04:24:21: [710:3560] Spam Blocker D=67.5.73.208.L2.APEWS.ORG TTL=(35) A=[127.0.0.2]
Wed 2013-02-06 04:24:21: [710:3560] L2.APEWS.ORG LISTED
Wed 2013-02-06 04:24:21: [710:3560] Message will be accepted and X-RBL-Warning: header will be inserted.
Wed 2013-02-06 04:24:21: [710:3560] --> 250 <xxx @ bounce.outdoorhub.mkt5196.com>, Sender ok
Wed 2013-02-06 04:24:21: [710:3560] <-- RCPT TO:<xxx @ xxx.xxx>
Wed 2013-02-06 04:24:21: [710:3560] --> 250 <xxx @ xxx.xxx>, Recipient ok
Wed 2013-02-06 04:24:21: [710:3560] <-- DATA
Wed 2013-02-06 04:24:21: [710:3560] --> 354 Enter mail, end with <CRLF>.<CRLF>
Wed 2013-02-06 04:24:22: [710:3560] --> 250 Ok, message saved <Message-ID: 00000000000000000.JavaMail.app @ xxxx.xxx>
Wed 2013-02-06 04:24:22: [710:3560] <-- QUIT
Wed 2013-02-06 04:24:22: [710:3560] --> 221 See ya in cyberspace
Wed 2013-02-06 04:24:22: [710:3560] SMTP session successful, 36340 bytes transferred.
Wed 2013-02-06 04:24:22: [710:3560] Shuffling message(s) into proper queue(s)
Wed 2013-02-06 04:24:22: [710:3560] Message received from mail4598.outdoorhub.mkt5196.com [208.73.5.67] <xxx @ bounce.outdoorhub.mkt5196.com> with SMTP for <xxx @ xxx.xxx> [Size 36326] {j:\mdaemon\localq\md0000000.msg}
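
An added example (not part of the original post): a small Python triage helper for session logs in the format above. It checks that the DNSBL query was built from the connecting IP, whether forward-confirmed reverse DNS passed, and which return code the list gave. The function names and the SAMPLE_LOG excerpt are assumptions made for this example.

```python
import ipaddress
import re

# Excerpt of the session log on this page (five lines, copied unchanged).
SAMPLE_LOG = """\
Wed 2013-02-06 04:24:19: [710:3560] Accepting SMTP connection from [208.73.5.67]
Wed 2013-02-06 04:24:20: [710:3560] D=67.5.73.208.IN-ADDR.ARPA TTL=(59) PTR=[mail4598.outdoorhub.mkt5196.com]
Wed 2013-02-06 04:24:20: [710:3560] D=mail4598.outdoorhub.mkt5196.com TTL=(60) A=[208.73.5.67]
Wed 2013-02-06 04:24:21: [710:3560] Spam Blocker D=67.5.73.208.L2.APEWS.ORG TTL=(35) A=[127.0.0.2]
Wed 2013-02-06 04:24:21: [710:3560] Message will be accepted and X-RBL-Warning: header will be inserted.
"""

CONNECT = re.compile(r"Accepting SMTP connection from \[([\d.]+)\]")
PTR = re.compile(r"PTR=\[([^\]]+)\]")
# Ordinary A lookups start right after the session id; DNSBL lookups say "Spam Blocker".
A_REC = re.compile(r"\] D=(\S+) TTL=\(\d+\) A=\[([\d.]+)\]")
RBL = re.compile(r"Spam Blocker D=(\S+) TTL=\(\d+\) A=\[(127\.[\d.]+)\]")

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def summarize_session(log):
    """Pull the facts needed to review a DNSBL hit out of one SMTP session log."""
    client = CONNECT.search(log)
    client_ip = client.group(1) if client else None
    ptr = PTR.search(log)
    ptr_host = ptr.group(1) if ptr else None
    # FCrDNS passes when the PTR host resolves back to the connecting IP.
    forward = {ip for host, ip in A_REC.findall(log) if host == ptr_host}
    listings = []
    for qname, code in RBL.findall(log):
        zone = ".".join(qname.split(".")[4:])  # drop the four reversed octets
        expected = dnsbl_query_name(client_ip, zone) if client_ip else None
        listings.append({"zone": zone, "code": code, "query_ok": qname == expected})
    return {
        "client_ip": client_ip,
        "ptr": ptr_host,
        "fcrdns": client_ip in forward,
        "listings": listings,
        "tag_only": "X-RBL-Warning" in log,  # accepted and tagged, not rejected
    }

if __name__ == "__main__":
    print(summarize_session(SAMPLE_LOG))
```
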