So, Scott, what you're saying is I should use: HOP 0 IPBYPASS
for IMGates in front of Imail than: HOP 0 HOPHIGH 1 IPBYPASS I still have a few domains connecting straight to my Imail server but most going through my IMGates. The first scenario would cover me if I IPBYPASSed my IMGate machines? So IPBYPASS doesn't just 'white' the IP, it moves up to the server that connected to the bypassed IP ONLY if that wouldn't violate HOPHIGH, right? Thanks David ----- Original Message ----- From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 03, 2003 9:19 AM Subject: Re: [Declude.JunkMail] Hop, hophigh & ipbypass > > >McAfee Webshield for SMTP on mailrelay.scp.nl listens at port 25 and sends > >the e-mail > >to port 2525 to SMTPBeamer. Who relays the e-mail to imail.scp.nl. > >NAVGW on imail.scp.nl listens at port 25 and sends the e-mail to port 2525 > >to IMail, > > Ah, I see now. > > Assuming that you are going to use "HOP 0", you should also use: > > >Received: from imail.scp.nl [192.87.68.175] by imail.scp.nl > > (SMTPD32-7.15) id A9421A40096; Tue, 03 Jun 2003 14:49:06 +0200 > > IPBYPASS 192.87.68.175 > > >Received: from mailrelay.scp.nl ([192.87.68.214]) > > by imail.scp.nl (NAVGW 2.5.2.12) with SMTP id M2003060314490625617 > > for <[EMAIL PROTECTED]>; Tue, 03 Jun 2003 14:49:06 +0200 > > IPBYPASS 192.87.68.214 > > >Received: from 192.87.68.214 [192.87.68.214] > > by mailrelay.scp.nl > > with SMTPBeamer v3.33 ; > > Tue, 3 Jun 2003 14:49:06 +0200 > > IPBYPASS 192.87.68.214 > > >Received: FROM smtp2.libero.it BY mailrelay.scp.nl ; Tue Jun 03 14:49:05 > >2003 +0200 > > Ouch -- that looks like good 'old McAfee WebShield SMTP. Unfortunately, > it's broken, and doesn't include the IP address in the Recevied: > header. So you aren't going to be able to find out the IP address of the > spammer (since McAfee is intentionally hiding it). > > In this case, though, you do have an option to get around this serious > problem with WebShield -- since you are running 2 mailserver AV programs, > you could have WebShield on the IMail server, and NAVGW in front of > it. That way, the only missing IP would be the IP of the server running > NAVGW, which you don't care about as far as spam scanning goes. > > Have you thought of getting a free evaluation version of Declude Virus to > see if it can catch viruses or vulnerabilities that WebShield and NAVGW > can't? You may be surprised at the vulnerabilities that can get WebShield > and NAVGW (if they get through, that means that you won't be able to catch > some future viruses, until new releases of WebShield and/or NAVGW are ready > -- the latest virus definitions won't be enough, so it could be weeks > without virus protection). > > -Scott > --- > Declude JunkMail: The advanced anti-spam solution for IMail mailservers. > Declude Virus: Catches known viruses and is the leader in mailserver > vulnerability detection. > Find out what you have been missing: Ask for a free 30-day evaluation. > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
