I'm trying to make sure email from eBay is legit. I received an email from eBay today with the following headers:

Received: from mxsmfpool02.ebay.com ([66.135.209.199] helo=mxsmfpool01.ebay.com)
       by box106.bluehost.com with esmtp (Exim 4.69)
       (envelope-from <[EMAIL PROTECTED]>)
       id 1KSISe-0003wZ-8P
       for [EMAIL PROTECTED]; Sun, 10 Aug 2008 15:28:24 -0600
Received: from sjc2bat11.sjc.ebay.com ([10.8.194.232])
       by mxsmfpool01.ebay.com (8.13.5/8.13.5) with ESMTP id m7ALSNCM012713
       for <[EMAIL PROTECTED]>; Sun, 10 Aug 2008 14:28:27 -0700
DomainKey-Signature: a=rsa-sha1; s=dksm28; d=ebay.com; c=nofws; q=dns;
       h=x-ebay-mailtracker:to:from:mime-version:content-type:subject:date:
       message-id:reply-to:x-ebay-mailversiontracker;
       b=oMkULX7sexFP8Davsg9eBquC6yrj7BytJZVtNZ8qQwuipOJUcwjSPZvcmQdYyx+zU
       68Ot5VuDBGylST0mLRzsQ==
X-eBay-MailTracker: 11020.567.0.0
To: [EMAIL PROTECTED]
From: eBay <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary=23401732.1218403700945.JavaMail.ebba.sjc2bat11
Subject: Check out the latest items from your favorite sellers on eBay
Date: Sun, 10 Aug 08 14:28:20 GMT-0700
Message-ID: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
X-eBay-MailVersionTracker: 567.6690890
X-user: ::::66.135.209.199:box106.bluehost.com::::::

And I figured the following SA rules would guarantee passage:

whitelist_from_rcvd [EMAIL PROTECTED] sjc2bat11.sjc.ebay.com
whitelist_from_rcvd [EMAIL PROTECTED] mxsmfpool02.ebay.com
whitelist_from_rcvd [EMAIL PROTECTED] mxsmfpool01.ebay.com
whitelist_from_rcvd [EMAIL PROTECTED] ebay.com
whitelist_from_rcvd [EMAIL PROTECTED] emarsys.net

trusted_networks 192.168/16
trusted_networks 69.89.22.106
trusted_networks 68.231.250/8
internal_networks 192.168/16
internal_networks 69.89.22.106
internal_networks 68.231.250/8

But alas, it does not work--I'm still not able to whitelist this message. I realize that with this route, I would have to whitelist every one of eBay's outgoing mail servers (right???), or is there a better way? In concept, this seems like a great way to ensure one does not get spoofed emails, but gosh, it sure is hard to set up the rules for it. Unless I'm missing something simple....

Skip

--
Get my PGP Public key here:
http://pelorus.org/[EMAIL PROTECTED]
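
Added example, not part of the original post and not SpamAssassin's own code: a simplified Python model of how whitelist_from_rcvd is documented to match (sender address glob plus the rDNS of the relay that connected to the trusted perimeter), run over the two Received headers above. Assumptions: the From address and the `*@ebay.com` glob are constructed because the real ones are redacted, trusted_networks is rewritten in full CIDR form, and the first name in each "from" clause is taken as the rDNS name.

```python
import ipaddress
import re

# Received headers from the post, newest first (folded lines joined).
RECEIVED = [
    "from mxsmfpool02.ebay.com ([66.135.209.199] helo=mxsmfpool01.ebay.com) "
    "by box106.bluehost.com with esmtp (Exim 4.69)",
    "from sjc2bat11.sjc.ebay.com ([10.8.194.232]) "
    "by mxsmfpool01.ebay.com (8.13.5/8.13.5) with ESMTP id m7ALSNCM012713",
]
# trusted_networks from the post in full CIDR form; 68.231.250/8 is left out
# because three octets with a /8 mask is ambiguous.
TRUSTED = ["192.168.0.0/16", "69.89.22.106/32"]
FROM_ADDR = "sender@ebay.com"  # constructed; the real address is redacted on the page
RELAY_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\]")


def parse_relay(header):
    """Return (rdns, ip) from a Received 'from' clause (assumes rDNS comes first)."""
    m = RELAY_RE.match(header)
    return (m.group(1).lower(), ipaddress.ip_address(m.group(2))) if m else None


def boundary_relay(received, trusted):
    """Relay that connected to the trusted perimeter, or None if there is none."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    for header in received:  # the top header is written by the local MX
        relay = parse_relay(header)
        if relay is None or not any(relay[1] in n for n in nets):
            return relay  # headers below were written by hosts we do not trust
    return None


def rcvd_matches(from_addr, relay, addr_glob, rdns):
    """True when the address glob matches AND the relay rDNS is rdns or under it."""
    if relay is None:
        return False
    pat = re.escape(addr_glob.lower()).replace(r"\*", ".*").replace(r"\?", ".")
    if not re.fullmatch(pat, from_addr.lower()):
        return False
    name, want = relay[0], rdns.lower()
    return name == want or name.endswith("." + want)


if __name__ == "__main__":
    relay = boundary_relay(RECEIVED, TRUSTED)
    for rdns in ("sjc2bat11.sjc.ebay.com", "mxsmfpool02.ebay.com",
                 "mxsmfpool01.ebay.com", "ebay.com", "emarsys.net"):
        print(f"{rdns:24} {rcvd_matches(FROM_ADDR, relay, '*@ebay.com', rdns)}")
```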
