I for one like the idea that it can go back. My SA install
is behind a gateway and before my mail server. Therefore I
would like the dns lookup to occur not on the connecting
machine but the machine that connected to the gateway. Since
I know the connecting machine is mine anyways I don't need a
lookup on it, just what connects to it.

----- Original Message Follows -----
> Interesting.  I wouldn't have expected SA to do that.  It
> makes me wonder if that's really a good thing.  The last
> (most recent) Received line is usually the only one you
> can trust (unless you have an anti-virus or pure email
> gateway ahead of your primary MTA).  Beyond that they are
> to be taken with a 50lbs block of salt.  Going back into
> the Received lines past the ones you know you can trust
> makes me leery.  I don't know that it's a good thing.  I'm
> gonna have to think on that a bit.  The only real way I
> can see that it could hurt you is if the forged Received
> line matches a negative scoring rule like the bondedsender
> rule.  Other than that I guess all it could really do is
> make your SA box work a little harder by doing more DNS
> lookups.  If your DNS system is having load issues, this
> would be a good thing to set to 1.  Other than that, I
> really can't think of any other way it could hurt you. 
> Still, I might be more fond of only looking up the last
> Received line unless you know that your MTA is 2-3 levels
> deep in your own mail system.
> 
> Justin
> 
> 
> 
> On Thu, 17 Oct 2002, Matt Kettler wrote:
> 
> > SpamAssassin certainly does check multiple received-from
> > headers for DNSBLs, in fact, it's configurable. I'm not
> > sure if this setting applies to bondedsender checks or
> > not. In any event there is likely a limit on the number
> > of reverse headers that are checked for bonded sender and
> > that alone will make it by far more difficult to fake a
> > bondedsender, which is the real point.
> > 
> > from the Mail::SpamAssassin::Conf manfile:
> > 
> > num_check_received { integer }   (default: 2)
> >             How many received lines from and including
> >             the original mail relay do we check in RBLs
> >             (you'd want at least 1 or 2).  Note that for
> >             checking against dialup lists, you can call
> >             check_rbl with a special set name of "set-firsthop" and
> >             this rule will only be matched against the
> >             first hop if there is more than one hop, so
> >             that you can set a negative score to not
> >             penalize people who properly relayed through their ISP.
> >             See dialup_codes for more details and an
> >             example
> >
> > Ideally you'd want bondedsender only checked back to the
> > first received-from line added by one of your MTAs and
> > not any others. For DNSBLs you might want to search
> > back a bit further to catch blacklisted servers in
> > multi-hop relays, etc. It would probably be a pain to have
> > separate "dns whitelist" vs "dns blacklist"
> > num_checked_received values, but that might be a
> > worthwhile feature for SA to have.
> > 
> > At 01:16 PM 10/17/2002 -0500, [EMAIL PROTECTED] wrote:
> > >Or a spammer adds a Received line that makes it appear as if the message
> > >was relayed through bondedsender.com.  Easily done.  To the best of my
> > >knowledge, I think DNSBL lookups are only done on the IP communicating
> > >with your MTA.  That's what I've always experienced with the DNSBLs I use
> > >from Sendmail.  SA could very well look back through a couple Received
> > >lines though.  Can't say for certain.  Seems unlikely to me though.
> > >
> > >Justin
> > 
> > 
> > 
> > -------------------------------------------------------
> > This sf.net email is sponsored by: viaVerio will pay you
> > up to $1,000 for every account that you consolidate with
> > us. http://ad.doubleclick.net/clk;4749864;7604308;v?
> > http://www.viaverio.com/consolidator/osdn.cfm
> > _______________________________________________
> > Spamassassin-talk mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
> > 

===========================
Kevin W. Gagel

--------------------------------
The College of New Caledonia    
Visit us at http://www.cnc.bc.ca
--------------------------------
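
The split discussed in this thread (whitelist-style checks such as bondedsender stop at the first Received line written by your own relay, while blacklist checks may look further back), as an added example that is not part of the original messages and not SpamAssassin's own code. The sample message, the 192.0.2.0/24 "own network" and the blacklist_depth parameter are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample. 192.0.2.0/24 stands in for our own gateway and mail
# server; the oldest Received line is one the sender could have forged.
RAW = """\
Received: from gw.example.org (gw.example.org [192.0.2.10])
\tby mail.example.org with ESMTP; Thu, 17 Oct 2002 13:20:03 -0500
Received: from sender.example.net (unknown [198.51.100.77])
\tby gw.example.org with SMTP; Thu, 17 Oct 2002 13:20:01 -0500
Received: from relay.example.com (relay.example.com [203.0.113.5])
\tby sender.example.net with ESMTP; Thu, 17 Oct 2002 13:19:40 -0500
From: a@example.net
Subject: constructed sample

body
"""

OUR_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumption: hosts we run
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw):
    """Relay IPs from the Received headers, most recent hop first."""
    msg = email.message_from_string(raw)
    found = (BRACKETED_IP.search(h) for h in msg.get_all("Received", []))
    return [ipaddress.ip_address(m.group(1)) for m in found if m]

def lookup_targets(raw, blacklist_depth=2):
    """Pick the IPs to query, split by how much a hit is allowed to help.

    The first hop outside OUR_NETS was written by our own relay, so it is the
    only address a whitelist (negative-score) rule may use. Older hops are
    unverified; they are offered to blacklists only, up to blacklist_depth
    lines counted from the boundary hop (hypothetical parameter).
    """
    ips = relay_ips(raw)
    for i, ip in enumerate(ips):
        if not any(ip in net for net in OUR_NETS):
            external = ips[i:i + blacklist_depth]
            return {"whitelist": [str(ip)],
                    "blacklist": [str(x) for x in external]}
    return {"whitelist": [], "blacklist": []}  # nothing external recorded

if __name__ == "__main__":
    print(lookup_targets(RAW))
```
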

