IP address of spam

Desai, Jason jase at SENSIS.COM
Thu May 15 18:02:39 IST 2003

This is one reason to let SpamAssassin do the RBL checks instead of
MailScanner.  I believe that SpamAssassin will check all of the Received

Also, I would think that the Received header that immediately precedes the
Message-Id and From headers could easily be spoofed by a spammer, so you
really can't trust it.


> -----Original Message-----
> From: Avi Levin [mailto:avi at CAXTONRVH.COM]
> Sent: Thursday, May 15, 2003 12:45 PM
> Subject: [MAILSCANNER] IP address of spam
> The IP address identified by Mailscanner (4.14-9) in the log
> seems to be the
> last host that handed off the message to my SMTP server.  In
> other words,
> the first "Received:" line in the envelope of each message.
> The problem I'm seeing with this, is that if I use
> Checkpoint's FW-1 SMTP
> proxy, or any other internal scanners, then MailScanner's reported IP
> address is no longer that of the actual sender.
> Shouldn't the sender's IP address be the one that's identified on the
> "Received: " header that immediately preceeds the
> "Message-ID:" and "From:"
> lines?
> And finally, which address is used for RBL and other list checks?
> Please let me know if you've got any insights into this.
> Thanks.
> ---Avi---

More information about the MailScanner mailing list