Could MailScanner be trained to use DNS black lists for the X-Originating-IP: field check?

Kai Wang kwang at UCALGARY.CA
Thu Sep 2 17:30:08 IST 2004


<x-flowed>
Hi,

Sending spam through systems like Yahoo or Hotmail is quite common.
Currently, we check the IP of the machine that mail is coming from
against the DNS-based lists. There are many cases in which the earlier
X-Originating-IP: and Received: fields should be checked. In the
following case, 209.89.159.117 is on the RBL+ list. We need to consider
checking Received:, X-Originating-IP:, etc. against the DNS lists.

Message header
-------------------------------------------------------------------------------------------------------------------
Received: from n26.grp.scd.yahoo.com (n26.grp.scd.yahoo.com [66.218.66.82])
    by mhub3.ucalgary.ca (8.11.7/8.11.6) with SMTP id i5TAeca11091
    for <gbtickne at ucalgary.ca>; Tue, 29 Jun 2004 04:40:38 -0600
X-eGroups-Return: sentto-2684753-1712-1088505636-gbtickne=ucalgary.ca at returns.groups.yahoo.com
Received: from [66.218.66.30] by n26.grp.scd.yahoo.com with NNFMP; 29 Jun 2004 10:40:37 -0000
X-Sender: spinalcore at gosympatico.ca
X-Apparently-To: CalgaryAquariums at yahoogroups.com
Received: (qmail 45869 invoked from network); 29 Jun 2004 10:40:35 -0000
Received: from unknown (66.218.66.167)
    by m24.grp.scd.yahoo.com with QMQP; 29 Jun 2004 10:40:35 -0000
Received: from unknown (HELO n7.grp.scd.yahoo.com) (66.218.66.91)
    by mta6.grp.scd.yahoo.com with SMTP; 29 Jun 2004 10:40:35 -0000
Received: from [66.218.66.118] by n7.grp.scd.yahoo.com with NNFMP; 29 Jun 2004 10:40:26 -0000
To: CalgaryAquariums at yahoogroups.com
Message-ID: <cbrguq+95pq at eGroups.com>
User-Agent: eGroups-EW/0.82
X-Mailer: Yahoo Groups Message Poster
X-eGroups-Remote-IP: 66.218.66.91
From: "Travis Walker" <spinalcore at gosympatico.ca>
X-Originating-IP: 209.89.159.117
X-Yahoo-Profile: spinalcore
MIME-Version: 1.0
Mailing-List: list CalgaryAquariums at yahoogroups.com; contact
    CalgaryAquariums-owner at yahoogroups.com
Delivered-To: mailing list CalgaryAquariums at yahoogroups.com
Precedence: bulk
List-Unsubscribe: <mailto:CalgaryAquariums-unsubscribe at yahoogroups.com>
Date: Tue, 29 Jun 2004 10:40:26 -0000
Subject: [CalgaryAquariums] Looking for Fancy Guppies!!!!!!!!
Reply-To: CalgaryAquariums at yahoogroups.com
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
-------------------------------------------------------------------------------------------------------------------

209.89.159.117 is on RBL+
-------------------------------------------------------------------------------------------------------------------
$ nslookup 117.159.89.209.rbl-plus.mail-abuse.org
Name:     117.159.89.209.rbl-plus.mail-abuse.org
Address:  127.1.0.2
-------------------------------------------------------------------------------------------------------------------


Thanks
Kai

</x-flowed>
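
The check requested above, sketched as an added example (not part of the original post and not MailScanner code): it pulls IPv4 addresses from `X-Originating-IP:` and the `from` clause of each `Received:` header, then builds the reversed-octet DNSBL query shown in the `nslookup` output. The function names, the trimmed sample message and the stub resolver are assumptions constructed for illustration.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed sample: three of the header lines quoted in the post.
SAMPLE = """\
Received: from n26.grp.scd.yahoo.com (n26.grp.scd.yahoo.com [66.218.66.82])
    by mhub3.ucalgary.ca (8.11.7/8.11.6) with SMTP id i5TAeca11091
Received: from unknown (HELO n7.grp.scd.yahoo.com) (66.218.66.91)
    by mta6.grp.scd.yahoo.com with SMTP; 29 Jun 2004 10:40:35 -0000
X-Originating-IP: 209.89.159.117
"""

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def candidate_ips(raw, fields=("X-Originating-IP", "Received")):
    """Unique public IPv4 addresses from the chosen headers, in order."""
    msg, found = message_from_string(raw), []
    for field in fields:
        for value in msg.get_all(field, []):
            sender_part = re.split(r"\sby\s", value, maxsplit=1)[0]  # "from" clause only
            for text in IPV4.findall(sender_part):
                try:
                    ip = ipaddress.ip_address(text)
                except ValueError:
                    continue
                if ip.is_global and text not in found:
                    found.append(text)
    return found

def dnsbl_name(ip, zone):
    """209.89.159.117 -> 117.159.89.209.<zone>, as in the nslookup above."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def stub_resolver(name):
    """Constructed stand-in for DNS: answers only the lookup shown in the post."""
    if name == "117.159.89.209.rbl-plus.mail-abuse.org":
        return "127.1.0.2"
    raise socket.gaierror("not listed")

def check(raw, zone, resolve=socket.gethostbyname):
    """Map each listed IP to the DNSBL answer; unlisted IPs are omitted."""
    hits = {}
    for ip in candidate_ips(raw):
        try:
            hits[ip] = resolve(dnsbl_name(ip, zone))
        except OSError:  # NXDOMAIN: not listed
            pass
    return hits
```

Every header below the hop your own server recorded is written by the sending side, so a hit on those addresses is better used as a scoring signal than as grounds for an outright reject.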