> > > Where "192.0.2.25" is the IP address of the legitimate mailserver that > >will > > > be sending you the mail (the gmx.de mailserver). Then, Declude JunkMail > > > will scan the IP of the next hop (213.245.251.84 in this case). > > > >Instead of using IPBYPASS, would it not be better to use HOP and HOPHIGH? > > Using "HOPHIGH 1" (along with the default "HOP 0") would make sure that all > forwarded E-mail like this was scanned both on the IP of the forwarding > mailserver, as well as the IP that connected to the forwarding > mailserver. The drawback, though, is that it requires twice as many DNS > packets to be transferred for the DNS-based spam tests.
True, but it also helps to protect against the known legitimate mail server when it gets compromised or changed or a user on that server that starts sending out spam or the server IP gets changed. That domains does look like it provides free e-mail service, which we know is subject to abuse. Just me overworked, non-expert and left coast 2 cents. John Tolmachoff MCSE, CSSA IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
