RBL checks

Julian Field mailscanner at ecs.soton.ac.uk
Tue Nov 26 18:37:25 GMT 2002


At 18:31 26/11/2002, you wrote:
>Can MailScanner be configured to ignore the final sending address for
>blacklist checking and check the address previous to the last?

No. The only way to do that is to try and parse it out of the headers, and
it is trivial for spammers to fake (I'm surprised how few do at the
moment). All they need do is directly attack your mail server making the
mail appear to come from somewhere safe and you will let it all in.

>   The reason
>for this is that I have a backup mail store and forward server in the event
>that the pimary one goes down (secondary MX record).

Run MailScanner on all MX hosts and it isn't a problem. Having MX hosts
configured differently is a classic way of leaving yourself open to attack.
There is usually no good reason for your externally-visible MX hosts to
have different configurations.
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ



More information about the MailScanner mailing list