Josh,

IPNOTINMX = IP NOT IN MX. As you said earlier, there are no MX records for the IP address of the server you received that mail from. Declude looks at the sender's mail from domain and compares it to the IP address the server received the mail from, looking for an MX.

In this case the sender's mail from domain is not an MX for the IP address, so the test fails.

Most people do not assign weight to this test because it catches a lot of legit mail. Most apply reverse weight if it passes (i.e. if the IP address matches an MX record for the sender's mail from domain). This is ideally what it was designed for...

In summary, any message where the sender's mail from domain does not match/find an MX record for that domain on the IP address your server received it from will list the IPNOTINMX test as failed.

Darrell
------------------------------------------------------
Check Out DLAnalyzer a comprehensive reporting tool for
Declude Junkmail Logs - http://www.dlanalyzer.com





Joshua Levitsky writes:



Below are the Declude warnings from an email I got. I was wondering how IPNOTINMX tripped when as per HELOBOGUS there are no MX or A records? Since there is no MX record, isn't it impossible for there to be an IP in a record that doesn't exist?


Am I right about my logic above? Am I just up too late? The mail was caught cause I catch on 20, but I was curious about the IPNOTINMX showing up.

-Josh

From: suzanne <[EMAIL PROTECTED]>
Subject: hey
Date: September 21, 2003 12:10:59 AM EDT
To: Firstname Lastname <[EMAIL PROTECTED]>
Received: from D6Z9X2 [68.68.245.212] by joshie.com (SMTPD32-8.03) id A50412D200C8; Sun, 21 Sep 2003 00:11:48 -0400
X-Priority: 3 (normal)
Importance: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: base64
Message-Id: <[EMAIL PROTECTED]>
X-Rbl-Warning: SPAMCOP: Blocked - see http://spamcop.net/bl.shtml?68.68.245.212
X-Rbl-Warning: FIVETENSRC: 212.245.68.68.blackholes.five-ten-sg.com.
X-Rbl-Warning: NOABUSE: Not supporting [EMAIL PROTECTED]
X-Rbl-Warning: BASE64: A binary encoded text or HTML section was found in this E-mail.
X-Rbl-Warning: HELOBOGUS: Domain D6Z9X2 has no MX or A records.
X-Rbl-Warning: SPAMDOMAINS: Spamdomain '@yahoo.' found: Address of [EMAIL PROTECTED] sent from invalid fl-wdel-u2-c6bb-212.atlsfl.adelphia.net.
X-Rbl-Warning: GIBBERISH: Message failed GIBBERISH test (84)
X-Rbl-Warning: ANTIGIBBERISH: Message failed ANTIGIBBERISH test (14)
X-Declude-Sender: [EMAIL PROTECTED] [68.68.245.212]
X-Declude-Spoolname: D250412d200c8c414.SMD
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Note: This E-mail was sent from fl-wdel-u2-c6bb-212.atlsfl.adelphia.net ([68.68.245.212]).
X-Spam-Tests-Failed: SPAMCOP, FIVETENSRC, NOABUSE, BASE64, HELOBOGUS, SPAMDOMAINS, GIBBERISH, ANTIGIBBERISH, IPNOTINMX, NOLEGITCONTENT, SPAMLOW [34]
X-Country-Chain: UNITED STATES->destination
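
The check described in the reply above, sketched in Python as an added example; it is not Declude's code and not part of the original thread. The DNS data is constructed and embedded inline, the function names are hypothetical, and the reverse weight of -3 is an assumed value. It covers the case asked about: a domain with no MX records can never contain the connecting IP, so the test is still listed as failed.

```python
import re

# Constructed DNS data standing in for real lookups (assumption, not from the page).
MX_RECORDS = {
    "example.com": ["mx1.example.com", "mx2.example.com"],
    "nomx.example": [],  # domain that publishes no MX records at all
}
A_RECORDS = {
    "mx1.example.com": ["192.0.2.10"],
    "mx2.example.com": ["192.0.2.11"],
}

# Received line from the message in this thread (connecting IP in brackets).
SAMPLE_RECEIVED = "from D6Z9X2 [68.68.245.212] by joshie.com (SMTPD32-8.03)"

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(received_header):
    """Pull the bracketed peer IP out of a 'from HELO [ip] by ...' Received line."""
    match = BRACKETED_IP.search(received_header)
    if match is None:
        raise ValueError("no bracketed IP in Received header")
    return match.group(1)


def mx_ips(domain):
    """Resolve every MX host of the domain to its addresses (empty set if no MX)."""
    ips = set()
    for host in MX_RECORDS.get(domain.lower(), []):
        ips.update(A_RECORDS.get(host, []))
    return ips


def ipnotinmx(mail_from, received_header, pass_weight=-3):
    """Return (listed_as_failed, weight_applied) for one message.

    A fail carries no weight because legitimate mail often leaves from hosts
    that are not MXes; a pass earns the negative (reverse) weight.
    pass_weight=-3 is a hypothetical value chosen for this example.
    """
    domain = mail_from.rsplit("@", 1)[-1]
    if connecting_ip(received_header) in mx_ips(domain):
        return (False, pass_weight)
    return (True, 0)
```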
