RBL checks

Matt Kettler mkettler at EVI-INC.COM
Tue Nov 26 19:51:50 GMT 2002


Ahem, let me clarify

1) line one is invariant in this case, always the same.
2) lines 2 and 3, or any other header other than 1 MUST NOT be used for
whitelists.
3) lines 2 and 3 are used for blacklists and DNS blacklists, but NOT
whitelists.

So unless the mail admin is an idiot and whitelists "your-second-server",
in which case he's whitelisted all of his email, what you describe will not
happen.

So, if I check only line 1 against my whitelists, and check 2 and 3 against
ORBS... how does this get the spam a free ride past the spamfilter based on
"nice-safe-domain at other.com"?

Yes, that is in fact impossible, Julian, because of criterion #2... think about
it a bit....


At 07:20 PM 11/26/2002 +0000, you wrote:
>Headers say
>         Received: From your-first-server at you.com by
> your-second-server at you.com
>         Received: Nice-safe-domain at other.com by your-first-server at you.com
>         Received: Another-nice-safe at other2.com by nice-safe-domain at other.com
>
>The 2nd and 3rd lines are fake. And so you receive the message not marking
>it as spam (as it came from nice safe domains). You report the spam to the
>blacklists and other.com and other2.com get blacklisted. That's going to
>make them real happy. And the spammer changes to another couple of
>"other.com" and "other2.com" domains that aren't in the blacklists. And
>they get blacklisted too, and so on.
>
>The spammers don't get blacklisted, "other.com" and "other2.com" do.
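
The policy argued in the reply above, as an added example that is not part of the original post or of MailScanner's code: only the topmost Received header, written by the receiving site's own server, is consulted for whitelisting, and the lower headers are used for blacklist checks only. The hostnames, the sample message and the `classify` helper are constructed for illustration, and a plain set stands in for a real DNS blacklist lookup.

```python
import re
from email import message_from_string

# Constructed sample mirroring the quoted headers; all hostnames are placeholders.
SAMPLE = """\
Received: from first.you.example by second.you.example; Tue, 26 Nov 2002 19:20:00 +0000
Received: from nice-safe-domain.other.example by first.you.example; Tue, 26 Nov 2002 19:19:58 +0000
Received: from another-nice-safe.other2.example by nice-safe-domain.other.example; Tue, 26 Nov 2002 19:19:55 +0000
Subject: constructed test message

body
"""

FROM_RE = re.compile(r"\bfrom\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def relay_hosts(raw):
    """Return the 'from' host of each Received header, topmost first."""
    msg = message_from_string(raw)
    hosts = []
    for value in msg.get_all("Received", []):
        match = FROM_RE.search(value)
        hosts.append(match.group(1).lower() if match else None)
    return hosts


def classify(raw, whitelist, blacklist):
    """Whitelist on the top header only; blacklist on the headers below it.

    `blacklist` is a set standing in for a DNS blacklist query (assumption).
    """
    hosts = relay_hosts(raw)
    if not hosts:
        return "scan"
    top, rest = hosts[0], hosts[1:]
    # The top header is added by our own server, so the sender cannot forge it.
    if top in whitelist:
        return "whitelisted"
    # Lower headers may be forged: they can count against a message,
    # but they can never earn it a pass.
    if any(h in blacklist for h in rest if h):
        return "blacklisted"
    return "scan"
```

Because the top header always names the site's own relay, putting that host on the whitelist passes every message, which is the misconfiguration the reply warns about.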


