I wrote a geoip script (my blog) and if you mess about with various log formats it works with many output logs since they all differ to a certain extent and so i ran it aganust our email server.
So i got curious and wondered what Afghanistan was sending….
/smtpd[*]: connect from unknown[18.104.22.168]
policyd-spf[*]: Neutral; identity=mailfrom; client-ip=22.214.171.124; helo=[126.96.36.199]; email@example.com; receiver=thezoo
/smtpd[*]: NOQUEUE: reject: RCPT from unknown[188.8.131.52]: 554 5.7.1 Service unavailable; Client host [184.108.40.206] blocked using xbl.spamhaus.org; 220.127.116.11; from=.215.18; from=<*@billwatsonfineart.com> to=<*@billwatsonfineart.com> to=<thezoo> proto=ESMTP helo=<[18.104.22.168]>
/smtpd[*]: disconnect from unknown[22.214.171.124]
No idea but Afganistan selling art sounds wrong based on this (my blog). I am sure the domain owner would not be welcome in Kabul.
126.96.36.199 - 188.8.131.52 Giganor-BroadBand-wireless-customers H # 263, Shora Street 4, Cart e 3, Kabul Kabul AF abuse-mailbox: firstname.lastname@example.org
This ‘Freedom’ seems wasted on Islamic believers, However i guess it might be drugs or something deemed moral after all it been already flagged as spam its certainly not bacon.
The moral to this story do not use godaddy (my blog) who our cavemen are using for a false identity.