On 02/13/02 at 16:10, ServerSmiths wrote:

> Based on an excellent post last week, I updated my RBL servers list and
> chopped out the zillion IPs I had blacklisted, as there were too many
> EarthLink IPs in there and I was getting too much static about bouncing
> email.
> 
> Anyway, I now have
> 
> 127.0.0.2-127.0.0.255
> 
> 
> as my blacklisted IPs, as that was recommended in the post, but
> 
> I just got some spam with this header:
> 
> Return-Path: [EMAIL PROTECTED]
> Received: from [65.86.51.18] (HELO localhost.localdomain) by
> serversmiths.com (Stalker SMTP Server 1.8b8) with ESMTP id S.0000814831 for
> <[EMAIL PROTECTED]>; Wed, 13 Feb 2002 15:59:56 -0800
> Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
>     by localhost.localdomain (8.9.3/8.9.3) with ESMTP id QAA14761
> 
> 
> Should I be blacklisting 127.0.0.1 also?

No. 127.0.0.1 is the 'local loopback address' that a computer uses to make a
connection to itself (a loopback connection). You should not be blacklisting
that address and none of the DNS-based RBLs will return it as a response,
which is why it is left out of the blacklisted range. In the above headers,
the MTA that sent the message to your server (from 65.86.51.18) received the
message from (presumably) another process on the same machine via the
127.0.0.1 loopback address before relaying it to you. Your SIMS server only
saw a connection from 65.86.51.18, so it would have queried its configured RBL
servers for that address. If the RBL response had been an address in the
127.0.0.2-127.0.0.255 range, the message would have been rejected. In general,
only the last (uppermost) 'Received' header is written by SIMS and reflects a
connection that was actually made to SIMS. All other 'Received' headers are
written by other MTAs before the message gets to SIMS. One or all of those
headers could easily be forged or otherwise obfuscated in some way, so their
usefulness is limited.

                   Christopher Bort | [EMAIL PROTECTED]
            Webmaster, Global Homes | [EMAIL PROTECTED]
      <http://www.globalhomes.com/> | PGP public key available on request
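
The check described in the reply above, as an added example that is not part of the original message and is not SIMS code: it takes the connecting IP from the topmost 'Received' header only, builds the DNSBL query name, and treats only answers in 127.0.0.2-127.0.0.255 as a listing. The zone `dnsbl.example.invalid`, the injected `resolve` callable, the stub DNS answer and the mailbox addresses in the sample are assumptions made for the example.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample modelled on the quoted headers; mailbox addresses are placeholders.
SAMPLE = """\
Return-Path: <sender@example.invalid>
Received: from [65.86.51.18] (HELO localhost.localdomain) by
 serversmiths.com (Stalker SMTP Server 1.8b8) with ESMTP id S.0000814831 for
 <rcpt@example.invalid>; Wed, 13 Feb 2002 15:59:56 -0800
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
    by localhost.localdomain (8.9.3/8.9.3) with ESMTP id QAA14761
Subject: constructed sample

body
"""

LISTED_LO = ipaddress.IPv4Address("127.0.0.2")
LISTED_HI = ipaddress.IPv4Address("127.0.0.255")


def connecting_ip(raw_message):
    """Peer IP from the topmost Received header, the one written by the receiving server."""
    received = message_from_string(raw_message).get_all("Received") or []
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return match.group(1) if match else None


def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the octets and append the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def is_listed(answers):
    """Only A records in 127.0.0.2-127.0.0.255 count as a listing; 127.0.0.1 does not."""
    return any(LISTED_LO <= ipaddress.IPv4Address(a) <= LISTED_HI for a in answers)


def should_reject(raw_message, zone, resolve):
    """resolve(name) -> list of A-record strings, [] for NXDOMAIN (injected to run offline)."""
    ip = connecting_ip(raw_message)
    return ip is not None and is_listed(resolve(dnsbl_query_name(ip, zone)))


if __name__ == "__main__":
    zone = "dnsbl.example.invalid"  # hypothetical zone, an assumption of this example
    fake_dns = {"18.51.86.65." + zone: ["127.0.0.2"]}  # constructed DNS answer
    print(connecting_ip(SAMPLE), should_reject(SAMPLE, zone, lambda n: fake_dns.get(n, [])))
```

The lower 'Received' header, with its 127.0.0.1 hop, never enters the decision, which matches the point that headers written by earlier MTAs are not trustworthy input.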
