Dan, I don't know about 'normal' place or definition, but the line IMail writes as the received from: has the hostname (as claimed by the connecting computer, don't think it was the HELO line) and the IP address (as found in the packet data). Not sure if that makes it a 'bad' header, or just different (I think it is better...yea, you have to look, but it told you what you needed to know. If it had done a ptr, and nothing found, what would go there?).
How To: In the domains Antispam folder, Connection Filtering tab, has a checkbox "Perform reverse DNS lookup for connecting server" and its usage is defined as: The IP address of the connecting server is used to perform a reverse DNS lookup, to determine the domain name. If a domain has a valid PTR record, the message is accepted. If a reverse lookup fails, it means there is no reverse record for that IP address, and the message is marked as spam. >From my quick check of the domains you quoted, the "Bad Header" message would have been marked as spam and then filtered (Rules). The other 2 settings on that page, "Verify MAIL FROM Address" and "Verify HELO/EHLO Domain" are equally powerful spam identification techniques. Daniel Donnelly -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dan Barker Sent: Thursday, May 05, 2005 12:31 PM To: [email protected] Subject: [IMail Forum] How to check for no PTR IMail (8.15) appears not to put the PTR results in the "normal" place. The two examples below show a Recieved header from a sender with valid DNS entries and another with totally bogus information. I can't tell them apart except by running a dig -x on each. Does IMail do ANYTHING with PTR? How can I use this? Dan Barker Bad Header: Received: from rnaiewno.com [66.0.118.65] by visioncomm.net (SMTPD32-8.15) id A940495001E; Thu, 05 May 2005 11:18:24 -0400 Good Header: Received: from dazed.lightbridge.com [206.35.13.66] by visioncomm.net with ESMTP (SMTPD32-8.15) id AD4A8D30072; Thu, 05 May 2005 11:35:38 -0400 Definition: "Normal" place; a la sendmail Received: from <helo> (<rdns>[<ip>]) by <us> ... or Received: from fsmail432.com (H1b65.h.pppool.de [85.72.27.101]) by xanadu.evi-inc.com ... To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
