-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Pierre Thomson writes: > If this header line was faked, it would be inappropriate to run DNSBL's on it. > > If it was not faked, the receiving MTA at nifty.com is not RFC > conformant. To me it doesn't look faked; see the header excerpt > below. Most likely it's just a case of a misconfigured MTA. > > Now, whether or not SA should parse malformed Received lines is another > question... Yes. We're reasonably happy to do this if it's seen widely -- e.g. if a certain version of sendmail or Exchange is released that does this -- but if it's one or two MTAs, it's better to fix the MTA instead. - --j. > Pierre > > Received: from localhost ([127.0.0.1]) > by vawr.pblnet.local with esmtp (Exim 4.50) > id 1E56bi-00005v-PL > for [EMAIL PROTECTED]; Wed, 17 Aug 2005 03:56:18 +0900 > Received: from pop.nifty.com [202.248.238.11] > by localhost with POP3 (fetchmail-6.2.5.2) > for [EMAIL PROTECTED] (single-drop); Wed, 17 Aug 2005 03:56:18 +0900 > (JST) > Received: by mbox53.nifty.com id 430236b0494c63; > Wed, 17 Aug 2005 03:55:44 +0900 > Received: from makorsha.biz ([218.64.103.25])by mxg509.nifty.com with SMTP id > j7GItZAo029596; > Wed, 17 Aug 2005 03:55:36 +0900 > To: "Alfonzo Seifert" <[EMAIL PROTECTED]> > > -----Original Message----- > From: Loren Wilton [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 17, 2005 7:44 AM > To: users@spamassassin.apache.org > Subject: Re: problem of extracting IP string from header (bug?) > > > unfortunately the space is required, and appears in the output from the > > MTAs that I'm aware of. It appears that the "nifty.com" mailserver is > > producing unusual headers there. > > Justin, this sounds very similar to the (I believe bz) report a few days ago > where someone suggested spammers may be doing this deliberately in faked > received headers. > > Loren -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) Comment: Exmh CVS iD8DBQFDA4pNMJF5cimLx9ARAqhzAKCHME9doPwIdQULpax1J/tG4YrorwCgik5o s+Cto9ig1lyFcxMOFnqS//Y= =lyS4 -----END PGP SIGNATURE-----
