As per the man page, the part of the Received header searched MUST be next to a bracketed IP address to prevent simple HELO spoofing.
Received: from delivery.pens.microsoft.com ([207.46.248.65]) by mail.explainerdc.com (8.12.6/8.12.6) with ESMTP id h0SGVS6a018669
Note that
1) there is no such name delivery.pens.microsoft.com. Try doing an nslookup or dig delivery.pens.microsoft.com.. nada..
2) the text delivery.pens.microsoft.com is not directly next to the IP address, thus the delivering server is 207.46.248.65 but has NO reverse DNS name at all.
The whitelist_from_rcvd rule will only work if the received header looks like this (which would happen if MS got off their lazy butt and set up reverse and forward DNS entries properly):
Received: from delivery.pens.microsoft.com (delivery.pens.microsoft.com [207.46.248.65]) by mail.explainerdc.com (8.12.6/8.12.6) with ESMTP id h0SGVS6a018669
Note in the second case there's a reverse DNS resolution for that mailserver, not just a HELO string.
Heck, given that the presented HELO doesn't resolve, *and* the IP has *NO* reverse lookup at all, some mailservers won't even accept mail from them. (some mailservers require at least a PTR record, any PTR record, for the IP delivering mail, or the HELO string resolving with an A record matching the IP.)
But then again, given how well Microsoft seems to understand TCP/IP, SMTP and other well known RFC protocols, I'm not surprised by this behavior. I bet they call it a "security" feature.
At least the IPwhois of 207.46.248.65 does indicate it's a Microsoft IP address :)
NetRange: 207.46.0.0 - 207.46.255.255
CIDR: 207.46.0.0/16
NetName: MICROSOFT-GLOBAL-NET
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
At 06:23 PM 1/28/2003 +0100, Stephan van Hienen wrote:
Hi,

I can't find a good description on the whitelist option for spamassassin
How can I whitelist all email from microsoft (newsletters) sent from microsoft servers ?

I tried doing this :

whitelist_from_rcvd *@microsoft.com microsoft.com
whitelist_from_rcvd *@*.microsoft.com microsoft.com

But then the following email gets marked as spam (not seen as whitelisted)

--
Return-Path: <[EMAIL PROTECTED] om>
Received: from delivery.pens.microsoft.com ([207.46.248.65]) by mail.explainerdc.com (8.12.6/8.12.6) with ESMTP id h0SGVS6a018669 for <[EMAIL PROTECTED]>; Tue, 28 Jan 2003 17:31:28 +0100
Received: from TK2MSFTDDSQ04 ([10.40.1.68]) by delivery.pens.microsoft.com with Microsoft SMTPSVC(5.0.2195.5600); Tue, 28 Jan 2003 08:31:06 -0800
Reply-To: <[EMAIL PROTECTED] om>
From: "Microsoft" <[EMAIL PROTECTED] om>
To: <[EMAIL PROTECTED]>
--

Before I make a lot of whitelist_from_rvcd lines, what exactly do I need to put there ? (as microsoft likes to send from different mailservers)

-------------------------------------------------------
This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld
http://www.vasoftware.com
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
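The distinction drawn in the reply above, as an added example that is not part of the original thread and not SpamAssassin's own code: a simplified model of a whitelist_from_rcvd check that reads only the reverse-DNS name logged next to the bracketed IP and never the HELO string. The function names, the regular expression, the sender address and the third header are assumptions constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Sendmail-style relay clause: "from HELO (RDNS [IP])" or "from HELO ([IP])".
RELAY_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]()]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)

def parse_relay(received):
    """Return helo, rdns (None if the MTA logged no PTR name) and ip."""
    m = RELAY_RE.match(received.strip())
    return m.groupdict() if m else None

def rcvd_whitelisted(from_addr, received, addr_glob, rdns_domain):
    """Model of one entry: whitelist_from_rcvd addr_glob rdns_domain."""
    relay = parse_relay(received)
    if relay is None or relay["rdns"] is None:
        return False  # HELO is sender-controlled, so it is never consulted
    rdns = relay["rdns"].lower().rstrip(".")
    domain = rdns_domain.lower()
    # Full hostname or its domain component; the dot blocks look-alike suffixes.
    host_ok = rdns == domain or rdns.endswith("." + domain)
    return host_ok and fnmatchcase(from_addr.lower(), addr_glob.lower())

# The two headers quoted in the reply.
NO_PTR = ("Received: from delivery.pens.microsoft.com ([207.46.248.65]) "
          "by mail.explainerdc.com (8.12.6/8.12.6) with ESMTP id h0SGVS6a018669")
WITH_PTR = ("Received: from delivery.pens.microsoft.com "
            "(delivery.pens.microsoft.com [207.46.248.65]) "
            "by mail.explainerdc.com (8.12.6/8.12.6) with ESMTP id h0SGVS6a018669")
# Constructed: HELO claims a microsoft.com name, the PTR name says otherwise.
SPOOFED = ("Received: from delivery.pens.microsoft.com "
           "(host.isp.example [192.0.2.10]) by mail.explainerdc.com with ESMTP")
SENDER = "newsletter@microsoft.com"  # constructed; the thread redacts the real one

if __name__ == "__main__":
    for name, hdr in (("no PTR", NO_PTR), ("with PTR", WITH_PTR),
                      ("spoofed HELO", SPOOFED)):
        hit = rcvd_whitelisted(SENDER, hdr, "*@microsoft.com", "microsoft.com")
        print(name, parse_relay(hdr), "whitelisted" if hit else "not whitelisted")
```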