On 3/04/2003 at 15:08:09, Serhan Sevim wrote: > Then the question is, why does IMGate check only the last sender IP address > in the header? not the first one, where the email is originating from,? > where the real spammer is hiding behind.
Because Postfix is doing the check based on the IP address it receives the connection from, not any of the IP addresses in the headers. That allows it to refuse the message before it's even delivered (and hence it never sees the headers). > That would definitely increase the accuracy. > Any idea if we could do that ? It mostly defeats the purpose, because you incur all the cost from accepting the mail before you can throw it away. Also, Received: lines are often forged, and picking out where the real ones end and the fakes begin would be very difficult to do accurately in a program. spamcop.net tries, but it still makes mistakes. Checking based on message contents (ie the header_checks and body_checks files) is very expensive in CPU time. Lookups of a value you already have (the connecting IP address) are cheap. Cheers, Evan
