Posted to users@spamassassin.apache.org by Alex <my...@gmail.com> on 2014/08/25 04:51:48 UTC

Spam relayed through trendmicro?

Hi all,

I'm having difficulty understanding this one:

http://pastebin.com/LYJVas5e

It looks like a host in Japan relayed this message through a few systems
within trendmicro.com, then on to our system before being tagged as obvious
spam. The part I don't understand is, why is Trend involved with this? Is
one of their systems compromised?

I'm also wondering why out13.sjc.mx.trendmicro.com in the one Received
header shows as an invalid fqdn when it resolves fine here to the IP in the
header.

Received: from out13.sjc.mx.trendmicro.com (unknown [216.99.131.50])

# host out13.sjc.mx.trendmicro.com
out13.sjc.mx.trendmicro.com has address 216.99.131.50
# host 216.99.131.50
50.131.99.216.in-addr.arpa domain name pointer out13.sjc.mx.trendmicro.com.


Thanks,
Alex

Re: Spam relayed through trendmicro?

Posted by Alex <my...@gmail.com>.
Hi,

On Mon, Aug 25, 2014 at 4:34 AM, Tom Hendrikx <to...@whyscream.net> wrote:

> On 08/25/2014 04:51 AM, Alex wrote:
> > Hi all,
> >
> > I'm having difficulty understanding this one:
> >
> > http://pastebin.com/LYJVas5e
> >
> > It looks like a host in Japan relayed this message through a few systems
> > within trendmicro.com, then on to our system
> > before being tagged as obvious spam. The part I don't understand is, why
> > is Trend involved with this? Is one of their systems compromised?
> >
>
> you should ask them :)
>

Yes, finding an email contact was impossible, and whois wasn't helpful.

I shouldn't have doubted the obvious first thought for this, thanks.

Thanks,
Alex

Re: Spam relayed through trendmicro?

Posted by Tom Hendrikx <to...@whyscream.net>.
On 08/25/2014 04:51 AM, Alex wrote:
> Hi all,
> 
> I'm having difficulty understanding this one:
> 
> http://pastebin.com/LYJVas5e
> 
> It looks like a host in Japan relayed this message through a few systems
> within trendmicro.com, then on to our system
> before being tagged as obvious spam. The part I don't understand is, why
> is Trend involved with this? Is one of their systems compromised?
> 

you should ask them :)

> I'm also wondering why out13.sjc.mx.trendmicro.com in the one Received
> header shows as an invalid fqdn when it resolves fine here to the IP in the
> header.
> 
> Received: from out13.sjc.mx.trendmicro.com (unknown [216.99.131.50])

Maybe they disabled dns lookups on their relayhosts since they don't
care about the data: they own the hosts so they are already known. As
for the hostname of the customer that sent the message: they probably
use some non-visible way to easily relate the message to a customer
(f.i. smtp auth).

> 
> # host out13.sjc.mx.trendmicro.com
> out13.sjc.mx.trendmicro.com has address 216.99.131.50
> # host 216.99.131.50
> 50.131.99.216.in-addr.arpa domain name pointer out13.sjc.mx.trendmicro.com.
> 
> 
> Thanks,
> Alex
>
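As an added example (not code from the thread or from SpamAssassin), the Received clause Alex quoted can be parsed and the HELO name checked against forward-confirmed reverse DNS independently of the "unknown" annotation the relay recorded, which is what Tom's explanation implies: "unknown" is the receiving MTA's note that it recorded no PTR name, not a statement about the sender. The DNS tables are constructed stand-ins so it runs offline; the 192.0.2.x hosts and names are made up.

```python
import re
from typing import Dict, Optional

# Postfix-style clause: "from HELO (RDNS [IP])". RDNS is "unknown" when the
# receiving MTA recorded no PTR name (lookup disabled, failed, or no PTR).
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)\s+\[(?P<ip>[0-9.]+)\]\)"
)

# Constructed stand-in for DNS so the example runs offline. The trendmicro
# entries mirror the host(1) output quoted in the thread; 192.0.2.x is the
# RFC 5737 documentation range with made-up names (assumption).
PTR = {
    "216.99.131.50": "out13.sjc.mx.trendmicro.com",
    "192.0.2.20": "mx.example.org",
}
A = {
    "out13.sjc.mx.trendmicro.com": "216.99.131.50",
    "mx.example.org": "192.0.2.20",
}


def parse_received(header: str) -> Optional[Dict[str, str]]:
    """Extract HELO name, recorded reverse name and IP from one Received header."""
    m = RECEIVED_RE.search(header)
    return m.groupdict() if m else None


def fcrdns_ok(name: str, ip: str, ptr=PTR, a=A) -> bool:
    """Forward-confirmed reverse DNS: PTR(ip) == name and A(name) == ip."""
    return ptr.get(ip) == name and a.get(name) == ip


def classify(header: str, ptr=PTR, a=A) -> str:
    """Label a Received header by how far its sender claim can be verified."""
    f = parse_received(header)
    if f is None:
        return "unparsed"
    helo, rdns, ip = f["helo"], f["rdns"], f["ip"]
    if rdns == "unknown":
        # The relay recorded no name; verify the HELO claim ourselves.
        if fcrdns_ok(helo, ip, ptr, a):
            return "unknown_rdns_fcrdns_ok"   # Alex's case: name checks out
        return "unknown_rdns_unverified"      # cannot tie HELO name to the IP
    if rdns == helo and fcrdns_ok(rdns, ip, ptr, a):
        return "fcrdns_ok"
    return "name_mismatch"                    # HELO and recorded rDNS disagree
```

A lookup against live DNS would replace the two dictionaries; the classification logic stays the same.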