Re: [Exim] rbl-check for forwarded spam

Author: Ken Olum
Date:  
To: jeffh
CC: exim-users
Subject: Re: [Exim] rbl-check for forwarded spam
From: Jeff Hahn <jeffh@???>
Date: Mon, 7 Apr 2003 12:51:58 -0500

> If you're talking about checking all the headers, you're making a mistake.
> Example:
>
> 1. Spammer A dials in and gets 1.2.3.4.dialup.xyz.net.
> 2. Spammer A sends 100000 spams and gets the address blacklisted.
> 3. You dial in and get assigned 1.2.3.4.dialup.xyz.net.
> 4. You send your legitimate email via mail.xyz.net.
> 5. Legitimate mail bounced because 1.2.3.4.dialup.xyz.net is in the received
> headers.

Good point. If you block from the dial-up user list, you only want to
look at the received line of the site that is forwarding the mail to
you and not earlier ones which might have been "sanitized" by going
through a legitimate mail server. (Although if you're blocking open
relays or static addresses, I don't think it's an issue.)

> Only reasonable check is the host that's sending to YOU.

I don't agree. If I don't accept mail from A.B.C.D, and if I have a
forwarding account on, say, forevermail.com, then I can't see why I
should accept mail that forevermail.com accepted from A.B.C.D. I can
distinguish 1.2.3.4.dialup.xyz.net->mail.xyz.net->me (legitimate) from
1.2.3.4.dialup.xyz.net->forevermail.com->me (spam) because I have
a forwarding entry on forevermail.com and not on mail.xyz.net.

            Ken
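
The distinction drawn in the reply above, sketched as an added example (not part of the original message and not Exim configuration): Received headers are followed back only through hosts where you hold a forwarding entry, and the first address beyond them is the one looked up. The forwarder IP 192.0.2.25, the mail.xyz.net IP 198.51.100.10, the `BLOCKLIST` set standing in for the DNS lookup, and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string

# Assumption: IP of each host where you hold a forwarding entry, mapped to the
# name that host writes after "by" in its Received header. 192.0.2.25 is constructed.
TRUSTED_FORWARDERS = {"192.0.2.25": "forevermail.com"}

# Constructed stand-in for the DNS blocklist lookup (a dial-up list entry).
BLOCKLIST = {"1.2.3.4"}

# Pulls "[ip] ... by host" out of one Received header; real headers vary more.
RECEIVED_RE = re.compile(r"\[(\d+\.\d+\.\d+\.\d+)\].*?\bby\s+(\S+)", re.S)

def address_to_check(raw_message, connecting_ip):
    """Return the address whose blocklist status decides acceptance."""
    ip = connecting_ip
    for received in message_from_string(raw_message).get_all("Received", []):
        by_name = TRUSTED_FORWARDERS.get(ip)
        if by_name is None:
            break  # not one of my forwarders: earlier hops are not examined
        m = RECEIVED_RE.search(received)
        if not m or m.group(2).lower() != by_name:
            break  # header was not written by that forwarder: do not trust it
        ip = m.group(1)  # host that handed the mail to my forwarder
    return ip

def should_reject(raw_message, connecting_ip):
    return address_to_check(raw_message, connecting_ip) in BLOCKLIST

def sample(by_host):
    # Constructed message whose newest Received line was written by by_host.
    return ("Received: from 1.2.3.4.dialup.xyz.net ([1.2.3.4])\n"
            f"\tby {by_host} with SMTP; Mon, 7 Apr 2003 12:00:00 -0500\n"
            "Subject: test\n\nbody\n")

if __name__ == "__main__":
    # dial-up -> forevermail.com -> me: the dial-up address is checked
    print(should_reject(sample("forevermail.com"), "192.0.2.25"))
    # dial-up -> mail.xyz.net -> me: only mail.xyz.net (198.51.100.10) is checked
    print(should_reject(sample("mail.xyz.net"), "198.51.100.10"))
```

The walk stops at the first header that the expected forwarder did not write, so a Received line inserted by the sender further down the chain is never consulted.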