Amos wrote: > well, i think that answers my questions: > Do not use PBL in filters that do any ‘deep parsing’ of > Received headers, or for other than checking IP addresses that hand > off to your mailservers." > > according to that, i should check only the first received from header
No. According to that, you _should_not_check_any_header_ contents. When a client connects to your mail server to drop off mail, you check the address s/he is connecting from, nothing else. Please, understand what a list is for before using it - otherwise you're shooting yourself in the foot and doing your users a gigantic disfavor. For example, Spamhaus's PBL lists "static, dialup & DHCP IP address spaces that are not meant to be *initiating* SMTP connections". This means that mail from such addresses should only be allowed by the corresponding netblock's assigned Mail eXchange (since, well... it is the assigned mail exchange for the netblock:) In other words; if someone is connecting *your* MX from a listed address, and you know that the your MX is not assigned to handle that area, you know you can drop the connection, because you are not supposed to handle MX for that client. If, on the other hand, you attempt to check even one IP address from the headers, you're checking the list against "possibly real" MXes that *are* and should be allowed to route mail. So... understand what lists are for and what their purpose is before using them. -- Markku Uttula ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ synalist-public mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/synalist-public
