I realize the primary problem is with the sending server's configuration. I haven't been very effective at convincing people to change something on their end, when they say that the only place their mail doesn't get delivered is here. Most don't know how to spell DNS, either.
Does MAPS return anything which would indicate the IP is IANA reserved? This is only a potential problem when checking beyond HOP 0 against RBL and RBL+. If I whitelist an IANA Reserved block for the purposes of HOP 1 that will whitelist the e-mail even if it fails other fatal tests for HOP 0. So, that's not a very good solution. I can whitelist addresses after the fact, but that means the customer had called and complained or I caught it by accident. Also, not so good. IANA has had most of those blocks reserved for a very long time. The dates were included in the original e-mail. I realize they could release them, but I don't think it is very likely. Even if they did release some, it is doubtful that it would be many. If Declude ignored them for HOPs greater than 0 and IANA later released one, someone would most surely discover it so it could be fixed. We're only talking about testing MAPS (RBL and RBL+) for HOPs which are greater than zero. I would like to continue to use RBL, (actually RBL+ instead) and check HOP 1. I don't know the best solution . . . Saturday, August 3, 2002, 5:22:50 PM, R. Scott Perry <[EMAIL PROTECTED]> wrote: RSP> > The long and short is that there is a problem with MAPS and using RSP> > HOP/HOP High. >>HOP 0 >>HOPHIGH 1 >> >>08/02/2002 16:36:26 Qfb50142 Msg failed RBL (This E-mail came from >>1.4.11.75, a potential spam source listed in RBL.). >> >>Headers: >>Received: from B2BWeb1.Resource.MH2.Com [65.203.99.90] by Leitos.com with >>ESMTP >> (SMTPD32-6.06) id AB50D7E0142; Fri, 02 Aug 2002 16:36:16 -0500 >>Received: from daa21301www003.cus.drtn.corp ([1.4.11.75]) by >>B2BWeb1.Resource.MH2.Com with Microsoft SMTPSVC(5.0.2195.4905); >> Fri, 2 Aug 2002 16:36:15 -0500 RSP> I'm not sure that I see the problem... >>You'll note that this was killed due to the RBL failing on HOP HIGH. >>Declude did what it was suppose to do. RSP> Yes. >>MAPS has Blackholed most all of the IANA reserved addresses, which are >>defined at http://www.iana.org/assignments/ipv4-address-space. But, >>they have NOT Blackholed the RFC1918 private addresses. RSP> That's good. The "IANA Reserved" addresses are ones that are *RESERVED* by RSP> IANA. That means that tomorrow IANA has the full right to give them out to RSP> spammers. And spammers are very likely today to use fake Received: headers RSP> using them. And *nobody* has a right to use those addresses except IANA. RSP> The problem here isn't with MAPS -- it's with "drtn.corp" (not even a valid RSP> domain name), who is using an IP address they aren't authorized to RSP> use. While that isn't against the law, it's against the RFCs -- and doing RSP> so has drawbacks, such as having your mail killed. RSP> Note that Declude JunkMail automatically detects private IPs (RFC1918), but RSP> we can't exempt IPs that could be used by spammers in the future. >>Checking HOP 1 does reduce SPAM. So, is it possible to not check MAPS >>when greater than HOP zero is an IANA or RFC1918 reserved address? RSP> You can whitelist the IP, that would likely be the best bet in this situation. >>Also, can you write to the log when it does fail a HOP > 0? RSP> Good idea -- I'll see if that can be done. >>This is the text that MAPS returns on thier site for those verified "x" above: >> "This network address is reserved by the Internet Assigned Numbers >> Authority (IANA). No Internet traffic should originate from this >> address. Any packets with this source address can be assumed to >> be forged. RSP> And that's exactly why they blacklist those IPs. :) RSP> -Scott RSP> --- RSP> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] RSP> --- RSP> This E-mail came from the Declude.JunkMail mailing list. To RSP> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and RSP> type "unsubscribe Declude.JunkMail". The archives can be found RSP> at http://www.mail-archive.com. ---- Don Brown - Dallas, Texas USA Internet Concepts, Inc. [EMAIL PROTECTED] http://www.inetconcepts.net PGP Key ID: 04C99A55 (972) 788-2364 Fax: (972) 788-5049 Providing Internet Solutions Worldwide - An eDataWeb Affiliate ---- --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
