relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr=65.86.51.18 It looks like only one RBL has that IP blocked. With any system some spam will still sneak in.
Michael --- Have a YoYo - join the group! http://homepage.mac.com/YoYo_support/ on 2/13/02 6:34 PM, Global Homes Webmaster at [EMAIL PROTECTED] wrote: > On 02/13/02 at 16:10, ServerSmiths wrote: > >> based on an excellent post last week I updated my RBL servers list and >> chopped out the zillion ips I had blacklisted as there were too many >> earthlink ips in there and I was getting too much static about bouncing >> email. >> >> anyway, I now have >> >> 127.0.0.2-127.0.0.255 >> >> >> as my blacklisted ips as that was recommended in the post but >> >> I just got some spam with this header >> >> Return-Path: [EMAIL PROTECTED] >> Received: from [65.86.51.18] (HELO localhost.localdomain) by >> serversmiths.com (Stalker SMTP Server 1.8b8) with ESMTP id S.0000814831 for >> <[EMAIL PROTECTED]>; Wed, 13 Feb 2002 15:59:56 -0800 >> Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) >> by localhost.localdomain (8.9.3/8.9.3) with ESMTP id QAA14761 >> >> >> should I be blacklisting 127.0.0.1 >> >> also? > > No. 127.0.0.1 is the 'local loopback address' that a computer uses to make a > connection to itself (a loopback connection). You should not be blacklisting > that address and none of the DNS-based RBLs will return it as a response, > which is why it is left out of the blacklisted range. In the above headers, > the MTA that sent the message to your server (from 65.86.51.18) received the > message from (presumably) another process on the same machine via the > 127.0.0.1 loopback address before relaying it to you. Your SIMS server only > saw a connection from 65.86.51.18, so it would have queried its configured RBL > servers for that address. If the RBL response had been an address in the > 127.0.0.2-127.0.0.255 range, the message would have been rejected. In general, > only the last (uppermost) 'Received' header is written by SIMS and reflects a > connection that was actually made to SIMS. All other 'Received' headers are > written by other MTAs before the message gets to SIMS. One or all of those > headers could easily be forged or otherwise obfuscated in some way, so their > usefulness is limited. ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
