On Wednesday, October 12, 2005, 6:30:45 PM, William wrote:

WVH> Pete,

WVH> Was just wondering, I have all of my e-mail pass through an IMGate/Postfix
WVH> machine prior to hitting my main mail server. Sometimes, e-mail (especially
WVH> spam) gets forwarded from the secondary MX as well. If we use the POP method
WVH> of redirecting spam to an appropriate mailbox are you just going to be
WVH> scanning the messages for content, or inspecting the headers for IP
WVH> information as well?

We will inspect all parts of the messages manually and with automated
tools. This is true of all spam that arrives at our system no matter
how it gets there.

WVH> Reason I'm asking is, I just want to make sure that one of my own servers
WVH> doesn't end up included in some type of blacklist rule. It seems like it
WVH> would take an awful lot of work on your part to ensure that any filters
WVH> don't contain IPs of one of your customer's machines, if you are scanning
WVH> header information. When you throw-in the fact that the redirect may come
WVH> from the client of an entirely different network with no link whatsoever to
WVH> our DNS records, that would seem to make taking any header information
WVH> (except maybe the Subject or From lines) into account a very risky
WVH> proposition. Thanks!!!

Actually, we can often be very precise about the routing of messages
pulled from pop accounts.

That said, there is always a non-zero risk that an IP which is listed
in certain black lists and also arrives at one of our traps may be
added to our rulebase. This is almost always an automated process
since we have determined that manually entered IPs are prone to
errors.

If an IP on one of your servers does get tagged, then you would be
able to use the rule-panic procedure for immediate relief and once the
problem was solved it could not be recreated.

Part of our system is that it remembers every mistake we ever made and
prevents us making that same mistake again --- unless we're really,
really determined ;-)

Understand, I'm not making light of this possibility... we take all
false positive cases (real or imagined) very seriously. I do want to
point out that these cases are rare, easily solved, and nearly
impossible to repeat. I should also point out that this "risk" is not
increased by using the pop3 method.

Hope this helps,

_M



This E-Mail came from the Message Sniffer mailing list. For information and 
(un)subscription instructions go to 
http://www.sortmonster.com/MessageSniffer/Help/Help.html
