RE: [Declude.JunkMail] Spamdomains: Which IP ?

2003-06-16 Thread Karen D. Oland
Note that for internal email, the IP address used in SPAMDOMAINS is the
email address of the sender.  So, for us, that gets translated to our ISP's
name, as only the mail server has rDNS set up (we trap on our own mail
server address in spamdomains, as that was being faked by quite a bit of
email and slipping through (we used to whitelist our own server)).  So, this
morning, all email sent in-house started getting held (I was updating weights)
until I added an alternative domain name to the list.

I assume that outside mail would have used the IP of the transmitting mail
server, not that of the sender (unless they were the same).

Karen

> -----Original Message-----
> From: R. Scott Perry
>
> > The RDNS test is run against the IP address of the original sending mail
> > server, not the IP of the client machine that drafted the message.  I don't
> > believe that intermediate hops are considered in this test, just the RDNS of
> > the originating mail server.  Scott, can confirm this.
>
> Declude JunkMail uses the same IP that it uses for getting the reverse DNS
> entry, and that is used for IP-based spam tests.  By default, this is the
> IP address that connected to IMail.  However, depending on the IPBYPASS and
> HOP settings, it may be different (for example, the IP address that
> connected to a backup or gateway mailserver).

---
[This E-mail scanned for viruses by Declude Virus]

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


RE: [Declude.JunkMail] Spamdomains: Which IP ?

2003-06-16 Thread R. Scott Perry

> Note that for internal email, the IP address used in SPAMDOMAINS is the
> email address of the sender.  So, for us, that gets translated to our ISP's
> name, as only the mail server has rDNS set up (we trap on our own mail
> server address in spamdomains, as that was being faked by quite a bit of
> email and slipping through (we used to whitelist our own server)).  So, this
> morning, all email sent in-house started getting held (I was updating weights)
> until I added an alternative domain name to the list.
>
> I assume that outside mail would have used the IP of the transmitting mail
> server, not that of the sender (unless they were the same).

In the case of E-mail from your users, the IP of their computer would be
used.  But, if you only list domains in the spamdomains file that your
users should not be sending from, you will be fine (i.e., if your users are
not allowed to send out E-mail with an @earthlink.com address, you could
have that listed in the spamdomains file).

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver 
vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.



[Declude.JunkMail] Spamdomains: Which IP ?

2003-06-15 Thread Serge
After reading 100+ archive messages about spamdomain, I was thinking that the
IP used for the RDNS query is the one of the original remote SMTP server,
but after playing around with a dummy domain I set up, I now have some
doubts that the test is using the IP of the original client that
sent the message, and not the remote SMTP server.
So which is it, and why?
And if it is the SMTP server and there are several intermediary gateways,
will the IP be that of the original server, or the final one?

TIA



Re: [Declude.JunkMail] Spamdomains: Which IP ?

2003-06-15 Thread Bill Landry
The RDNS test is run against the IP address of the original sending mail
server, not the IP of the client machine that drafted the message.  I don't
believe that intermediate hops are considered in this test, just the RDNS of
the originating mail server.  Scott, can confirm this.

The theory is that most of the large mail host providers, and frequently
forged domain hosts (like aol.com, yahoo.com, hotmail.com, etc.), have their
DNS configured correctly so that if queried for the PTR record of the
originating mail server's IP address (RDNS), it will respond with the domain
listed in the from address somewhere in the response, or that of another
domain defined in the SpamDomains file (a good match).  If it does not
contain the from domain, or an alternate predefined domain,  somewhere in
the response, then it probably was not sent from a designated mail server
for that domain and is most likely spam.

HTH to clarify.

Bill
----- Original Message -----
From: Serge [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, June 15, 2003 8:41 AM
Subject: [Declude.JunkMail] Spamdomains: Which IP ?

> After reading 100+ archive messages about spamdomain, I was thinking that the
> IP used for the RDNS query is the one of the original remote SMTP server,
> but after playing around with a dummy domain I set up, I now have some
> doubts that the test is using the IP of the original client that
> sent the message, and not the remote SMTP server.
> So which is it, and why?
> And if it is the SMTP server and there are several intermediary gateways,
> will the IP be that of the original server, or the final one?
>
> TIA



Re: [Declude.JunkMail] Spamdomains: Which IP ?

2003-06-15 Thread R. Scott Perry

> The RDNS test is run against the IP address of the original sending mail
> server, not the IP of the client machine that drafted the message.  I don't
> believe that intermediate hops are considered in this test, just the RDNS of
> the originating mail server.  Scott, can confirm this.

Declude JunkMail uses the same IP that it uses for getting the reverse DNS
entry, and that is used for IP-based spam tests.  By default, this is the
IP address that connected to IMail.  However, depending on the IPBYPASS and
HOP settings, it may be different (for example, the IP address that
connected to a backup or gateway mailserver).

   -Scott


Re: [Declude.JunkMail] Spamdomains: Which IP ?

2003-06-15 Thread Bill Landry
Okay, thanks for the clarification Scott.

Bill
----- Original Message -----
From: R. Scott Perry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, June 15, 2003 10:32 AM
Subject: Re: [Declude.JunkMail] Spamdomains: Which IP ?

> > The RDNS test is run against the IP address of the original sending mail
> > server, not the IP of the client machine that drafted the message.  I don't
> > believe that intermediate hops are considered in this test, just the RDNS of
> > the originating mail server.  Scott, can confirm this.
>
> Declude JunkMail uses the same IP that it uses for getting the reverse DNS
> entry, and that is used for IP-based spam tests.  By default, this is the
> IP address that connected to IMail.  However, depending on the IPBYPASS and
> HOP settings, it may be different (for example, the IP address that
> connected to a backup or gateway mailserver).
>
> -Scott