Billy, The SMTP kill.lst looks at the FROM address sent during the SMTPD connection (what you see in your SMTP logs), while (in a functioning mail client) this is usually the same as the email address in the message headers, it is not always. Nor, is it technically required to be the same. In most spam emails, the FROM address in the SMTP connection and the FROM address in the headers are not only different, but usually both forged or nonexistent.
If you use: @*.domain.com Then you will block '[EMAIL PROTECTED]', but will not block '[EMAIL PROTECTED]' or '[EMAIL PROTECTED]'. If you use: @*domain.com Then you will block '[EMAIL PROTECTED]', '[EMAIL PROTECTED]', '[EMAIL PROTECTED]', and '[EMAIL PROTECTED]'. Have a good one, Christian -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Billy Sent: Wednesday, July 23, 2003 11:04 AM To: [EMAIL PROTECTED] Subject: RE: [IMail Forum] Kill.lst > that will not block [EMAIL PROTECTED] due to the "dot" before domain > > Eric S Doesn't the kill.lst also scan the headers for the hostname of the mailserver? If that is the case then a rule @*domain.com wouldn't catch smtp20.domain.com (or would it, I am confused). I was told to use *.domain.com by a tech at Ipswitch, but he didn't sound too sure. --- [This E-mail was scanned for viruses by QuestNet.net (http://www.QuestNet.net)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
