Dianne Skoll wrote:
> Mark Martinec <mark.martinec...@ijs.si> wrote:
>> I can only conclude that a rule like RCVD_ILLEGAL_IP will hit
>> mostly on misconfigured or misguided sending mailers, not primarily
>> on spam.
>
> I disagree. Now that the Microsoft issue has been fixed, well over 95%
> of the mail on our system that hits RCVD_ILLEGAL_IP is spam.

You are right, I checked our logs and the RCVD_ILLEGAL_IP does
indeed mostly hit on spam.
... although there's a funny twist there. Some of these illegal
IP addresses are not really a claimed-to-be IP address of a mailer,
but come from an embedded e-mail address in a comment:

Received: from unknown (HELO localhost)
    (jennifer_pr...@sbcglobal.net@236.192.200.84)
    by mm-36-150-122-178.brest.dynamic.pppoe.byfly.by with ESMTPA;
    Tue, 21 Apr 2015 23:55:53 +0300

Received: from unknown (HELO localhost)
    (bsobolew...@stockton-house.com@236.139.213.194)
    by 76.172.150.91 with ESMTPA; Tue, 21 Apr 2015 11:41:10 -0800

so by a lucky coincidence a misparsed Received ends up
yielding a useful-but-wrong result.
Mark
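
The distinction described in the message above, as an added example (not part of the original post and not SpamAssassin's own code): it scans the "from" half of a Received header for unusable IPv4 addresses and reports whether each one sits after an `@` in a comment or in a normal claimed-IP position. It assumes "illegal" means multicast, reserved or unspecified; `classify` and `is_unusable_source` are hypothetical names, and the third header is constructed.

```python
import ipaddress
import re

# First two headers are the ones quoted in the message (addresses elided as
# on the page); the third is a constructed control with a bracketed relay IP.
SAMPLE_HEADERS = [
    "from unknown (HELO localhost) (jennifer_pr...@sbcglobal.net@236.192.200.84) "
    "by mm-36-150-122-178.brest.dynamic.pppoe.byfly.by with ESMTPA; "
    "Tue, 21 Apr 2015 23:55:53 +0300",
    "from unknown (HELO localhost) (bsobolew...@stockton-house.com@236.139.213.194) "
    "by 76.172.150.91 with ESMTPA; Tue, 21 Apr 2015 11:41:10 -0800",
    "from mail.example.net (mail.example.net [240.0.0.5]) "
    "by mx.example.org with ESMTP; Tue, 21 Apr 2015 12:00:00 +0000",
]

# Dotted quad that is not part of a longer run of digits and dots.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def is_unusable_source(ip):
    # Assumption: an address is "illegal" as a mail source if it is
    # multicast (224.0.0.0/4), reserved (240.0.0.0/4) or unspecified.
    return ip.is_multicast or ip.is_reserved or ip.is_unspecified


def classify(header):
    """Return [(ip, context)] for unusable IPv4 addresses before ' by '."""
    from_part = header.split(" by ", 1)[0]
    findings = []
    for match in IPV4.finditer(from_part):
        try:
            ip = ipaddress.IPv4Address(match.group(1))
        except ValueError:  # e.g. an octet above 255
            continue
        if not is_unusable_source(ip):
            continue
        # An address glued to '@' is the tail of user@ip in an auth
        # comment, not the relay's claimed IP address.
        preceded_by_at = from_part[:match.start()].endswith("@")
        context = "auth-comment" if preceded_by_at else "claimed-ip"
        findings.append((str(ip), context))
    return findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify(header))
```
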