Hi Bruce
Here is an example that came through this morning. This is yet another ip address that is associated with this training company ipc
Return-Path: <jira@ipcinc.atlassian.net>
Received: from emx-108-1.sc1.uc-inf.net (emx-108-1.sc1.uc-inf.net [165.254.226.181]) by helm.supportunlimited.net with SMTP;
Fri, 22 May 2015 07:21:08 -0500
Received: from ipcinc.atlassian.net (ipcinc.atlassian.net.internal [10.84.226.79])
by emx-108-1.sc1.uc-inf.net (Postfix) with ESMTP id D1F71F340EDB
for <kpitman@industrialinsite.com>; Fri, 22 May 2015 12:21:01 +0000 (UTC)
Date: Fri, 22 May 2015 07:21:01 -0500 (CDT)
From: Angela Sennett <jira@ipcinc.atlassian.net>
Reply-To: support@ipccertification.org
To: kpitman@industrialinsite.com
Message-ID: <JIRA.11627.1431963152000.3018.1432297261732@Atlassian.JIRA>
In-Reply-To: <JIRA.11627.1431963152000@Atlassian.JIRA>
References: <JIRA.11627.1431963152000@Atlassian.JIRA> <JIRA.11627.1431963152286@ipcinc.atlassian.net>
Subject: [JIRA] [Certification Service Desk] Two more certificates were not
received [CQIDESK-905]
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_5889_11645839.1432297261550"
X-JIRA-FingerPrint: 02fa70b48a9f7e8bdd0d12ff74b160b9
Auto-Submitted: auto-generated
Precedence: bulk
X-SmarterMail-Spam: SPF_None, Commtouch 30 [value: Confirmed], ISpamAssassin 1 [raw: 1], DK_None, DKIM_None
X-CTCH-RefId: str=0001.0A010204.555E1311.01AC,ss=4,sh,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
X-SmarterMail-TotalSpamWeight: 31
Here is the delivery log entry for the above
[2015.05.22] 07:21:09 [20198] Delivery started for jira@ipcinc.atlassian.net at 7:21:09 AM
[2015.05.22] 07:21:13 [20198] Spam check results: [_SPF: None], [FIVE-TEN: passed], [HOSTKARMA - BLACKLIST: passed], [HOSTKARMA - BROWNLIST: passed], [HOSTKARMA - WHITELIST: passed], [SORBS - ABUSE: passed], [SORBS - DYNAMIC IP: passed], [SORBS - PROXY: passed], [SORBS - SOCKS: passed], [SPAMCOP: passed], [SPAMHAUS - PBL: passed], [SPAMHAUS - PBL2: passed], [SPAMHAUS - SBL: passed], [SPAMHAUS - XBL: passed], [SPAMHAUS - XBL2: passed], [UCEPROTECT LEVEL 1: passed], [UCEPROTECT LEVEL 2: passed], [UCEPROTECT LEVEL 3: passed], [_REVERSEDNSLOOKUP: passed], [_COMMTOUCH: 30,Confirmed], [_INTERNALSPAMASSASSIN: 1:1], [_DK: None], [_DKIM: None]
[2015.05.22] 07:21:15 [20198] Starting local delivery to kpitman@industrialinsite.com
[2015.05.22] 07:21:15 [20198] Delivery for jira@ipcinc.atlassian.net to kpitman@industrialinsite.com has completed (Delivered) Filter: Spam (Weight: 31)
[2015.05.22] 07:21:15 [20198] End delivery to kpitman@industrialinsite.com
[2015.05.22] 07:21:15 [20198] Delivery finished for jira@ipcinc.atlassian.net at 7:21:15 AM [id:99120198]
and here is the SMTP log
[2015.05.22] 07:21:06 [165.254.226.181][63696334] rsp: 220 helm.supportunlimited.net
[2015.05.22] 07:21:06 [165.254.226.181][63696334] connected at 5/22/2015 7:21:06 AM
[2015.05.22] 07:21:06 [165.254.226.181][63696334] cmd: EHLO emx-108-1.sc1.uc-inf.net
[2015.05.22] 07:21:06 [165.254.226.181][63696334] rsp: 250-helm.supportunlimited.net Hello [165.254.226.181]250-SIZE 31457280250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2015.05.22] 07:21:06 [165.254.226.181][63696334] cmd: MAIL FROM:<jira@ipcinc.atlassian.net> SIZE=26011
[2015.05.22] 07:21:08 [165.254.226.181][63696334] rsp: 250 OK <jira@ipcinc.atlassian.net> Sender ok
[2015.05.22] 07:21:08 [165.254.226.181][63696334] cmd: RCPT TO:<kpitman@industrialinsite.com>
[2015.05.22] 07:21:08 [165.254.226.181][63696334] rsp: 250 OK <kpitman@industrialinsite.com> Recipient ok
[2015.05.22] 07:21:08 [165.254.226.181][63696334] cmd: DATA
[2015.05.22] 07:21:08 [165.254.226.181][63696334] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2015.05.22] 07:21:08 [165.254.226.181][63696334] rsp: 250 OK
[2015.05.22] 07:21:08 [165.254.226.181][63696334] Data transfer succeeded, writing mail to 99120198.eml
[2015.05.22] 07:21:08 [165.254.226.181][63696334] cmd: QUIT
[2015.05.22] 07:21:08 [165.254.226.181][63696334] rsp: 221 Service closing transmission channel
[2015.05.22] 07:21:08 [165.254.226.181][63696334] disconnected at 5/22/2015 7:21:08 AM
Let me know what you think, I did another check on this IP address at the Cyren website and this IP came back as no risk
Alex