On Jan 5, 2009, at 7:42 AM, David E. Smith wrote:

I don't see how this would work - the mails are coming from authenticated Web users, being sent to random US-based Yahoo and Hotmail addresses mainly. Since there's nothing indicating "Nigeria" in the SMTP layer (boy oh boy I wish Imail would add sender-IP to mail from the Web interface), this probably won't help.



eWall gets the senders IP address from iMail and "knows" from which country it is coming from regardless of if iMail allows the secure connection (it uses a DB of IPs as related to their issued country - http://www.maxmind.com/app/geolitecountry) . You can then erase the email before it leaves your server as well as use the IP in a blacklist.

He's a log entry that shows how the sender (an authorized iMail user) is identified as one form the USA:

1/5/2009 8:16:09 AM 22019 0 ------ Requested connection from United States 12.183.245.146 1/5/2009 8:16:09 AM 22019 109 Checking condition 'sender IP in black list' 1/5/2009 8:16:09 AM 22019 109 Checking condition 'sender IP is not local' 1/5/2009 8:16:09 AM 22019 109 Checking condition 'sender IP is not on LAN' 1/5/2009 8:16:09 AM 22019 109 Checking condition 'sender IP not in white list' 1/5/2009 8:16:09 AM 22019 109 Checking condition 'sender country is not 'Canada' or 'Finland' or 'India' or 'Ireland' or 'Mexico' or 'Ukraine'...' 1/5/2009 8:16:09 AM 22019 296 < 220 mail.sgdesign.com (IMail 9.23 3668-1) NT-ESMTP Server X1
1/5/2009 8:16:09 AM     22019   390     > EHLO rodney
1/5/2009 8:16:09 AM     22019   484     < 250-mail.sgdesign.com says hello
1/5/2009 8:16:09 AM     22019   484     < 250-SIZE 0
1/5/2009 8:16:09 AM     22019   484     < 250-8BITMIME
1/5/2009 8:16:09 AM     22019   484     < 250-AUTH LOGIN CRAM-MD5
1/5/2009 8:16:09 AM     22019   484     < 250-AUTH LOGIN
1/5/2009 8:16:09 AM     22019   484     < 250-AUTH=LOGIN
1/5/2009 8:16:09 AM     22019   484     < 250-EXPN
1/5/2009 8:16:09 AM     22019   484     < 250 OK
1/5/2009 8:16:09 AM     22019   578     > AUTH LOGIN
1/5/2009 8:16:10 AM     22019   671     < 334 VXNlcm5hbWU6
1/5/2009 8:16:10 AM     22019   765     > cm9kbmV5QHBhY2lmaWNob21lc2FsZXMuY29t
1/5/2009 8:16:10 AM     22019   859     < 334 UGFzc3dvcmQ6
1/5/2009 8:16:10 AM     22019   953     > NjI1Zmd3
1/5/2009 8:16:10 AM     22019   1046    < 235 authenticated
1/5/2009 8:16:10 AM     22019   1156    > MAIL FROM: <rod...@domainreplaced.com>
1/5/2009 8:16:10 AM     22019   1234    < 250 ok
1/5/2009 8:16:10 AM 22019 1234 Checking condition 'sender address contains 'Metso.com''
1/5/2009 8:16:10 AM     22019   1296    > RCPT TO: <valerie.s...@sbcglobal.net>
1/5/2009 8:16:10 AM 22019 1421 < 250 ok its for <valerie.s...@sbcglobal.net >
1/5/2009 8:16:10 AM     22019   1484    > DATA
1/5/2009 8:16:10 AM     22019   1484    < 354 Ready
1/5/2009 8:16:11 AM 22019 1656 Message ID: <001601c96f50$ec173320$64000...@rodney>
1/5/2009 8:16:11 AM     22019   1656    Subject: El Cajon #155
1/5/2009 8:16:11 AM     22019   1656    Message size: 1.42 KB
1/5/2009 8:16:11 AM 22019 1656 Checking condition 'sender is not authenticated'
1/5/2009 8:16:11 AM     22019   1671    < 250 Message queued
1/5/2009 8:16:11 AM     22019   2000    > QUIT
1/5/2009 8:16:11 AM     22019   2031    < 221 Goodbye
1/5/2009 8:16:11 AM     22019   2031    Disconnect




Regards,


Steve Guluk
SGDesign
(949) 661-9333




Reply via email to