On Fri, 08 Feb 2002, Donald Greer wrote:
> One potential new check would be for "Received:" sequences.

Nope.

> E.G. that there's no message with a "Received: from XXX by YYY"
> followed by "Received: from WWW by ZZZ". If ZZZ received the message,
> then ZZZ should have sent it on the next hop (or at least something
> with the same IP address as ZZZ).

Nope. I have worked in, and run, sites that have used NAT to convert their public IP to a private one. So, message routing was to a machine with my public IP, then from a completely different IP to a completely different IP, and then another discontinuous relay.

> This isn't 100%, but I know that many spammers have fake "Received:"
> lines that aren't always preceded by a "Subject:" line so it wouldn't
> trigger the current check for bogus "Received:" lines. I'm sure this
> would have to be an external check.

It's not reliable enough in the face of:

* NAT
* Any MTA that fails to insert a received line.
* fetchmail

The last will screw up, too, because it has a hop to the ISP SMTP listener, then a pickup from the ISP POP3 host and delivery to the local machine. Another discontinuous jump.

In my opinion, of course. :)

        Daniel

-- 
Using English spelling rules, 'fish' could be spelled 'ghoti' -- 'gh' as
in 'cough', 'o' as in 'women', and 'ti' as in 'station'.
        -- George Bernard Shaw

_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
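
The continuity check proposed in the quoted text, run against the NAT and fetchmail cases the reply raises, as an added Python example that is not part of the original thread. All hostnames and header lines are constructed samples, and the function names are hypothetical.

```python
import re
from email import message_from_string

# "from X ... by Y" inside one Received: header value.
HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+([^\s;]+)", re.I | re.S)

def hops(raw):
    """Return [(from_host, by_host) or None] in header order (newest first)."""
    msg = message_from_string(raw)
    out = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        out.append((m.group(1).lower(), m.group(2).lower()) if m else None)
    return out

def discontinuities(raw):
    """Flag adjacent hops where the receiver of the older hop is not the
    sender named in the newer hop (the check proposed in the thread)."""
    chain, breaks = hops(raw), []
    for i in range(len(chain) - 1):
        newer, older = chain[i], chain[i + 1]
        if newer is None or older is None:
            breaks.append((i, "unparseable"))
        elif newer[0] != older[1]:
            breaks.append((i, f"{older[1]} -> {newer[0]}"))
    return breaks

# Constructed samples: all three are legitimate deliveries.
CONTIGUOUS = """\
Received: from relay.a.example by mx.b.example; Fri, 8 Feb 2002 10:00:02 +0000
Received: from client.a.example by relay.a.example; Fri, 8 Feb 2002 10:00:01 +0000
Subject: ok

"""
# Public gateway accepts the mail; the inner server sees the NAT'd inside address.
NAT = """\
Received: from fw-inside.corp.example by mail.corp.example; Fri, 8 Feb 2002 10:00:02 +0000
Received: from mx.sender.example by gw.corp.example; Fri, 8 Feb 2002 10:00:01 +0000
Subject: ok

"""
# ISP SMTP listener receives; fetchmail later hands it to the local MTA.
FETCHMAIL = """\
Received: from localhost by desktop.home.example; Fri, 8 Feb 2002 10:05:00 +0000
Received: from mx.sender.example by smtp.isp.example; Fri, 8 Feb 2002 10:00:01 +0000
Subject: ok

"""

if __name__ == "__main__":
    for name, raw in [("contiguous", CONTIGUOUS), ("NAT", NAT), ("fetchmail", FETCHMAIL)]:
        print(name, discontinuities(raw))
```

Both the NAT and fetchmail samples are flagged even though nothing in them is forged, which is the false-positive behaviour described in the reply.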