On 08/13/02 at 08:38, Mailing Lists wrote:
> Does the blacklist apply only to the final server that talks to mine?
Yes. SIMS doesn't see the intermediate relays until after it's already done
its blacklist check because they're in the message headers, which are part
of the DATA portion of the message. And since they're part of the DATA,
SIMS doesn't look at them anyway.
> For example, I often get spam that comes through 5 relays then the
> final leg is through yahoo.com.
>
> Is there a way to block mail that has been relayed through a particular
> server?
Rejecting mail based on intermediate relays isn't as good an idea as you
might think. 'Received' headers are easy to forge and, in spam, often are.
The only one you can really trust is the last (top) one, which you know was
written by your own mail server.
> If not, is the only decision to blacklist yahoo.com?
I sometimes think that's not such a bad option. 8^\
If you haven't already done so, you might want to check the IP address of
the relay to verify that it's really a Yahoo! server, and it's not just
claiming to be one in its HELO/EHLO. I get spam fairly regularly where the
final relay claims to be a server for one of the big ISPs (Yahoo!,
Earthlink, etc.), but in reality it's a middle school in China or some
such. In those cases, I have absolutely no compunction about blacklisting
the buggers.
Also, if you have multiple specimens of a given spam message and they have
any consistency in their return paths, you might be able to route the
return path to 'error'.
--
Christopher Bort | [EMAIL PROTECTED]
Webmaster, Global Homes | [EMAIL PROTECTED]
<http://www.globalhomes.com/>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
