Fetchmail and MailScanner question

David While David.While at UCE.AC.UK
Fri Nov 8 12:01:50 GMT 2002


I did originally have the sender's address (as reported in the brackets in
the log entry), however the address reported by MailScanner in the log
file is the address from the envelope of the original email which in most
cases of Spam is forged. I started to do reverse DNS lookups on the IP
address but the majority of senders of Spam don't have the reverse DNS
entries set up.

The sending SMTP server is the only reliable information - it is the
server that sent the spam to you - that is all you can tell.

To do what you are suggesting would require MailScanner to analyse the
email and look at the headers to try and determine the originator of the
spam which I suspect would be a fairly complex task (perhaps Julian would
like to comment!).

Hotmail does do Spam checking (according to their website) by activating
the junk mail filter so maybe the users should turn this on so that the
mail isn't forwarded.

-----------------------------------------------------------------
David While
Technical Development Manager
Faculty of Computing, Information & English
University of Central England
Tel: 0121 331 6211




Roland Ehle <novirus at CARLO65.DE>
Sent by: MailScanner mailing list <MAILSCANNER at JISCMAIL.AC.UK>
08/11/2002 11:41
Please respond to MailScanner mailing list


        To:     MAILSCANNER at JISCMAIL.AC.UK
        cc:
        Subject:        Re: Fetchmail and MailScanner question


Hi Richard,

On Fri, 2002-11-08 at 10.33, Lush, Richard wrote:
> Hi All,
>
> I'm using fetchmail to collect emails from my ISPs and then MailScanner
> to scan them and send them on to my exchange server.  The question I
> have is on the IP headers.
>
> You can see here the information I am getting on the spam messages.  I'm
> getting 127.0.0.1 and in brackets the real domain name of the sender.

afaik there is no solution for this. When you use fetchmail, the sender
is always localhost. Explanation: fetchmail picks up the mail and sends
it via smtp to the local recipient. But, concerning Dave While's MRTG
script, I have a proposal: in my eyes it seems to be better to have the
sender's address instead of the sending SMTP-Server in the log and
access-list. I have customers, who forward their mails from their
free-mail accounts, such as yahoo, web.de, gmx, to their accounts on my
server. When I first used the script I had suddenly yahoo Mailservers on
my access list.

Regards,
Roland
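
An added illustration of the point discussed in this thread (not code from MailScanner, fetchmail or either poster): because fetchmail re-injects mail over SMTP from 127.0.0.1, this sketch walks the Received chain from the top and returns the first peer IP outside the networks you trust, treating everything below that hop as forgeable. The trusted networks, host names and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample: a message pulled by fetchmail and re-injected locally.
# All host names and addresses are documentation values, not real systems.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby scanner.example.org with ESMTP id AAA111
\tfor <user@example.org>; Fri, 8 Nov 2002 11:00:05 +0000
Received: from pop.isp.example [192.0.2.10]
\tby localhost with POP3 (fetchmail)
\tfor user@localhost (single-drop); Fri, 8 Nov 2002 11:00:04 +0000
Received: from relay.sender.example (unknown [198.51.100.23])
\tby mx.isp.example with SMTP id BBB222; Fri, 8 Nov 2002 10:59:40 +0000
Received: from forged.invalid ([203.0.113.77])
\tby relay.sender.example with SMTP; Fri, 8 Nov 2002 10:59:30 +0000
From: someone@forged.invalid
Subject: constructed spam sample

body
"""

# Assumption: loopback plus the ISP's own servers are the only trusted peers.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def first_external_relay(raw, trusted=TRUSTED_NETS):
    """Return the newest peer IP recorded by a trusted hop, or None."""
    msg = email.message_from_string(raw)
    for hop in msg.get_all("Received", []):      # newest hop first
        from_part = re.split(r"\sby\s", hop, maxsplit=1)[0]
        m = IP_RE.search(from_part)
        if not m:
            return None                          # fail closed: chain is broken
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None                          # malformed address literal
        if any(ip in net for net in trusted):
            continue                             # our own or the ISP's hop
        return str(ip)                           # hops below this are forgeable
    return None

if __name__ == "__main__":
    print(first_external_relay(SAMPLE))
```

The result is the server that handed the message to the ISP, which is the only hop address a trusted host recorded; the lower Received line in the sample is never consulted.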

