Tony Earnshaw writes: > David B Funk wrote: > > > OK, I'm sorry I wasn't clear enough about the environment. The AOL client > > was using a web browser (HTTP not SMTP) to sent the message, via a > > webmail (HTTP-2-IMAP/SMTP) gateway (running 'IMP'). I understand about > > requiring dial-up clients using their ISP for SMTP transactions, but this > > was HTTP. > > > > AOL-client (HTTP) => webmail gateway. > > webmail gateway (SMTP) => campus SMTP server... > > > > Thus that first hop should NOT have been tagged as violating the DIALUP > > Browser <-> webmail is always http. I saw that it was an IMP server - > there's an IMP server on this machine too :-) It's the server that is > doing both smtp and imap on behalf of the client and the client is > telling it what to do via http. > > It wasn't the protocol SA was complaining about, it was the fact that > the transaction was being carried out by a blocked IP number. Spammers > often use http to "bounce" their spam off open http proxies, using port > 80/443 to get the server to translate to port 25 on the victim's smtp > server. There are RBL tests available for open http proxy servers, too.
FWIW, it's hard to tell what's going on without *all* the Received headers. It should be fine, assuming the received hdrs are normal (apart from the HTTP vs SMTP difference). Here's what 2.60cvs doc says about using check_rbl: =item Selecting all IPs except for the originating one This is accomplished by naming the set 'foo-notfirsthop'. Useful for querying against DNS lists which list dialup IP addresses; the first hop may be a dialup, but as long as there is at least one more hop, via their outgoing SMTP server, that's legitimate, and so should not gain points. If there is only one hop, that will be queried anyway, as it should be relaying via its outgoing SMTP server instead of sending directly to your MX. --j. ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
