On Jan 5, 2009, at 7:42 AM, David E. Smith wrote:
I don't see how this would work - the mails are coming from
authenticated Web users, being sent to random US-based Yahoo and
Hotmail addresses mainly. Since there's nothing indicating "Nigeria"
in the SMTP layer (boy oh boy I wish Imail would add sender-IP to
mail from the Web interface), this probably won't help.
eWall gets the senders IP address from iMail and "knows" from which
country it is coming from regardless of if iMail allows the secure
connection (it uses a DB of IPs as related to their issued country - http://www.maxmind.com/app/geolitecountry)
. You can then erase the email before it leaves your server as well as
use the IP in a blacklist.
He's a log entry that shows how the sender (an authorized iMail user)
is identified as one form the USA:
1/5/2009 8:16:09 AM 22019 0 ------ Requested connection from United
States 12.183.245.146
1/5/2009 8:16:09 AM 22019 109 Checking condition 'sender IP in black
list'
1/5/2009 8:16:09 AM 22019 109 Checking condition 'sender IP is not
local'
1/5/2009 8:16:09 AM 22019 109 Checking condition 'sender IP is not on
LAN'
1/5/2009 8:16:09 AM 22019 109 Checking condition 'sender IP not in
white list'
1/5/2009 8:16:09 AM 22019 109 Checking condition 'sender country is
not 'Canada' or 'Finland' or 'India' or 'Ireland' or 'Mexico' or
'Ukraine'...'
1/5/2009 8:16:09 AM 22019 296 < 220 mail.sgdesign.com (IMail 9.23
3668-1) NT-ESMTP Server X1
1/5/2009 8:16:09 AM 22019 390 > EHLO rodney
1/5/2009 8:16:09 AM 22019 484 < 250-mail.sgdesign.com says hello
1/5/2009 8:16:09 AM 22019 484 < 250-SIZE 0
1/5/2009 8:16:09 AM 22019 484 < 250-8BITMIME
1/5/2009 8:16:09 AM 22019 484 < 250-AUTH LOGIN CRAM-MD5
1/5/2009 8:16:09 AM 22019 484 < 250-AUTH LOGIN
1/5/2009 8:16:09 AM 22019 484 < 250-AUTH=LOGIN
1/5/2009 8:16:09 AM 22019 484 < 250-EXPN
1/5/2009 8:16:09 AM 22019 484 < 250 OK
1/5/2009 8:16:09 AM 22019 578 > AUTH LOGIN
1/5/2009 8:16:10 AM 22019 671 < 334 VXNlcm5hbWU6
1/5/2009 8:16:10 AM 22019 765 > cm9kbmV5QHBhY2lmaWNob21lc2FsZXMuY29t
1/5/2009 8:16:10 AM 22019 859 < 334 UGFzc3dvcmQ6
1/5/2009 8:16:10 AM 22019 953 > NjI1Zmd3
1/5/2009 8:16:10 AM 22019 1046 < 235 authenticated
1/5/2009 8:16:10 AM 22019 1156 > MAIL FROM: <rod...@domainreplaced.com>
1/5/2009 8:16:10 AM 22019 1234 < 250 ok
1/5/2009 8:16:10 AM 22019 1234 Checking condition 'sender address
contains 'Metso.com''
1/5/2009 8:16:10 AM 22019 1296 > RCPT TO: <valerie.s...@sbcglobal.net>
1/5/2009 8:16:10 AM 22019 1421 < 250 ok its for <valerie.s...@sbcglobal.net
>
1/5/2009 8:16:10 AM 22019 1484 > DATA
1/5/2009 8:16:10 AM 22019 1484 < 354 Ready
1/5/2009 8:16:11 AM 22019 1656 Message ID:
<001601c96f50$ec173320$64000...@rodney>
1/5/2009 8:16:11 AM 22019 1656 Subject: El Cajon #155
1/5/2009 8:16:11 AM 22019 1656 Message size: 1.42 KB
1/5/2009 8:16:11 AM 22019 1656 Checking condition 'sender is not
authenticated'
1/5/2009 8:16:11 AM 22019 1671 < 250 Message queued
1/5/2009 8:16:11 AM 22019 2000 > QUIT
1/5/2009 8:16:11 AM 22019 2031 < 221 Goodbye
1/5/2009 8:16:11 AM 22019 2031 Disconnect
Regards,
Steve Guluk
SGDesign
(949) 661-9333