<br><font size=2 face="sans-serif">I did originally have the senders address (as reported in the brackets in the log entry), however the address reported by MailScanner in the log file is the address from the envelope of the original email which in most cases of Spam is forged. I started to do reverse DNS lookups on the IP address but the majority of senders of Spam don't have the reverse DNS entries set up.</font>
<br>
<br><font size=2 face="sans-serif">The sending SMTP server is the only reliable information - it is the server that sent the spam to you - that is all you can tell.</font>
<br>
<br><font size=2 face="sans-serif">To do what you are suggesting would require MailScanner to analyse the email and look at the headers to try and determine the originator of the spam which I suspect would be a fairly complex task (perhaps Julian would like to comment!).</font>
<br>
<br><font size=2 face="sans-serif">Hotmail does do Spam checking (according to their website) by activating the junk mail filter so maybe the users should turn this on so that the mail isn't forwarded.</font>
<br>
<br><font size=2 face="sans-serif">-----------------------------------------------------------------<br>
David While<br>
Technical Development Manager<br>
Faculty of Computing, Information & English<br>
University of Central England<br>
Tel: 0121 331 6211</font>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>Roland Ehle <novirus@CARLO65.DE></b></font>
<br><font size=1 face="sans-serif">Sent by: MailScanner mailing list <MAILSCANNER@JISCMAIL.AC.UK></font>
<p><font size=1 face="sans-serif">08/11/2002 11:41</font>
<br><font size=1 face="sans-serif">Please respond to MailScanner mailing list</font>
<br>
<td><font size=1 face="Arial"> </font>
<br><font size=1 face="sans-serif"> To: MAILSCANNER@JISCMAIL.AC.UK</font>
<br><font size=1 face="sans-serif"> cc: </font>
<br><font size=1 face="sans-serif"> Subject: Re: Fetchmail and MailScanner question</font></table>
<br>
<br>
<br><font size=2 face="Courier New">Hi Richard,<br>
<br>
Am Fre, 2002-11-08 um 10.33 schrieb Lush, Richard:<br>
> Hi All,<br>
><br>
> I'm using fetchmail to collect emails from my ISPs and then MailScanner<br>
> to scan them and send them on to my exchange server. The question I<br>
> have is on the IP headers.<br>
><br>
> You can see here the information I am getting on the spam messages. I'm<br>
> getting 127.0.0.1 and in brackets the real domain name of the sender.<br>
<br>
afaik there is no solution for this. When you use fetchmail, the sender<br>
is always localhost. Eplanation: fetchmail picks up the mail and sends<br>
it via smtp to the local recipient. But, concerning Dave Whiles MRTG<br>
script, I have a proposal: in my eyes it seems to be better to have the<br>
senders address instead of the sending SMTP-Server in the log and<br>
access-list. I have customers, who forward their mails from their<br>
free-mail accounts, such as yahoo, web.de, gmx, to their accounts on my<br>
server. When I first used the script I had suddenly yahoo Mailservers on<br>
my access list.<br>
<br>
Regards,<br>
Roland<br>
</font>
<br>
<br>