On Thu, 8 Dec 2005 23:16:13 -0800, you wrote:
>> Even with TRUSTED_NETWORKS set, the RCVD_IN_SORBS_DUL rule is
>triggered. I don't see how this is correct, when the IP address that
>triggered it was not the last hop. This rule should only be triggered
>when "sent directly from dynamic IP address"
>
>If someone hasn't suggested it already, post your trusted_* config lines
>along with the headers for a message that you think hit wrong, and we can
>probably help you figure out what is going wrong. The first guess would be
>that you don't have trusted_networks set quite *right*, even though you have
>it set to *something*.
>
> Loren
TRUSTED_NETWORKS 10.0.0/24 198.135.234.36
lookup from MX:
#host mail.avtcorp.com
mail.avtcorp.com has address 10.0.0.5
header that trip RCVD_IN_SORBS_DUL
Received: from smtp109.sbc.mail.mud.yahoo.com (68.142.198.208)
by mail.avtcorp.com with SMTP; 7 Dec 2005 21:03:26 -0000
Received: (qmail 42892 invoked from network); 7 Dec 2005 21:03:25
-0000
Received: from unknown (HELO proxyplus.universe)
([EMAIL PROTECTED]@209.30.176.199 with login)
by smtp109.sbc.mail.mud.yahoo.com with SMTP; 7 Dec 2005 21:03:25
-0000
Received: from cindy [156.56.61.27]
by Proxy+; Wed, 07 Dec 2005 15:17:34 -0600
for <[EMAIL PROTECTED]>
From: "cindy darling" <[EMAIL PROTECTED]>
To: "Judy Grecco" <[EMAIL PROTECTED]>
This does look kind of fishy. I think I see why the rule was tripped.
209.30.176.199 is listed in SORBS DUL
Looks like they are running proxy+ on a PPoX pool
computer and relaying through it, so I guess it makes sense to trip
the rule, or does it?
->Russ
