[sniffer] Training GBUdb on the client IP for telus.net

[Colbeck, Andrew]

Given the attached header text, would this snippet in snf_engine.xml
help me to train GBUdb on the email clients' IP address from this
specific ISP?

I tested by querying:

SNFClient.exe -test 216.218.29.230

And then re-testing the spam, and then querying GBUdb again. The second
test showed that "good count" had moved from zero to one and the whole
email email scan status was "clean". That tells me the test is good, but
I'm not sure it's "right".

Thanks,


Andrew.







Received: from defout.telus.net [204.209.205.32]
        by mail.bentallkennedy.com (Alligate(TM) SMTP Gateway v3.11.1.27)
        with ESMPT id 
<b3a68594afd61add.8d1b51b914f43...@mail.bentallkennedy.com>
        for <mun...@bentallkennedy.com>; Thu, 20 Oct 2011 08:15:02 -0700
Received: from edmwcm03 ([204.209.205.31]) by priv-edmwes26.telusplanet.net
          (InterMail vM.8.01.03.00 201-2260-125-20100507) with ESMTP
          id <20111020151450.MVLG2464.priv-edmwes26.telusplanet.net@edmwcm03>
          for <mun...@bentallkennedy.com>;
          Thu, 20 Oct 2011 09:14:50 -0600
Received: from MASTERMI-C9B95A ([216.218.29.230])
        by edmwcm03 with bizsmtp
        id n3En1h00H4xthAo013EqsP; Thu, 20 Oct 2011 09:14:50 -0600
X-Authority-Analysis: v=1.1 cv=fPvcD3ruMqWSuqnVm9kxnHZRnXao30j++tIggJ+3/0M=
 c=1 sm=2 a=jl-cCIeRehoA:10 a=LGgl8L9ij00A:10 a=8nJEP1OIZ-IA:10
 a=-r7E9uJ4AAAA:8 a=W_7C4bVlAAAA:8 a=V0IiZUKOAAAA:8 a=8YKMQM-zAAAA:8
 a=fCuKvYZLhw5dZ9t38toA:9 a=fhqZuh9cIv8KtWpwYmgA:7 a=wPNLvfGTeEIA:10
 a=tXsnliwV7b4A:10 a=UyoTvL-1vhQzJxZV:21 a=O2mkXwd58PuPZkWQ:21
X-Telus-Outbound-IP: 216.218.29.230
Reply-To: t...@tdcommercialbanking.ca
From: "TD Commercial Banking"<t...@telus.net>
To: "" <mun...@bentallkennedy.com>
Subject: Web Business Banking - System Administrator Notice
Sender: "TD Commercial Banking"<t...@telus.net>
Mime-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Date: Thu, 20 Oct 2011 15:14:41 GMT
Message-ID: <40481453127992097@MASTERMI-C9B95A>
X-Originating-IP: 204.209.205.32
Return-Path: t...@telus.net
X-OriginalArrivalTime: 20 Oct 2011 15:16:58.0576 (UTC) 
FILETIME=[4F743500:01CC8F3B]


#############################################################
This message is sent to you because you are subscribed to
  the mailing list <sniffer@sortmonster.com>.
This list is for discussing Message Sniffer,
Anti-spam, Anti-Malware, and related email topics.
For More information see http://www.armresearch.com
To unsubscribe, E-mail to: <sniffer-...@sortmonster.com>
To switch to the DIGEST mode, E-mail to <sniffer-dig...@sortmonster.com>
To switch to the INDEX mode, E-mail to <sniffer-in...@sortmonster.com>
Send administrative queries to  <sniffer-requ...@sortmonster.com>