IP address of spam

Desai, Jason jase at SENSIS.COM
Thu May 15 18:02:39 IST 2003


This is one reason to let SpamAssassin do the RBL checks instead of
MailScanner.  I believe that SpamAssassin will check all of the Received
header.

Also, I would think that the Received header that immediately precedes the
Message-Id and From headers could easily be spoofed by a spammer, so you
really can't trust it.

Jason

> -----Original Message-----
> From: Avi Levin [mailto:avi at CAXTONRVH.COM]
> Sent: Thursday, May 15, 2003 12:45 PM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: [MAILSCANNER] IP address of spam
>
>
> The IP address identified by Mailscanner (4.14-9) in the log
> seems to be the
> last host that handed off the message to my SMTP server.  In
> other words,
> the first "Received:" line in the envelope of each message.
>
> The problem I'm seeing with this, is that if I use
> Checkpoint's FW-1 SMTP
> proxy, or any other internal scanners, then MailScanner's reported IP
> address is no longer that of the actual sender.
>
> Shouldn't the sender's IP address be the one that's identified on the
> "Received: " header that immediately preceeds the
> "Message-ID:" and "From:"
> lines?
>
> And finally, which address is used for RBL and other list checks?
>
> Please let me know if you've got any insights into this.
>
> Thanks.
> ---Avi---
>



More information about the MailScanner mailing list