On Sat, 2009-07-11 at 14:27 -0700, dmy wrote:
> So is there a way to configure that ALL DNS tests just use the last external
> ip address (or at least NOT the first one?). Because to me it doesn't make
> any sense to test the ip people use to deliver messages to their smarthost
> and it produces quite a few false positives on my system...
Someone throw me a tin opener - there is a can of worms needing it....

2 trains of thought on this;

PRO: Scanning all the headers may pick up an IP being used to push spam through a legitimate clean gateway. Normal 'top of the tree' RBL lookups will miss this;

CON: Scanning all the hops is a waste of DNS time as anything after the first one can be forged - often in an attempt to hit white lists and trusted lists IMHO.

PRO: Scanning just the top of the tree is going to break if you are behind a forwarder of some kind or even a nasty SMTP ALG/Proxying service on a firewall not configured to be entirely transparent.

CON: Fine tuning and white listing is needed and this can be tetchy to set up initially.

The pros and cons aside, a finer degree of control would be very welcome and very useful. It probably exists for those people who know SA inside out - but fine control for the rest of us would be nice too!
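The three policies debated above (test only the topmost relay, test every hop, or skip the hops you can vouch for and test the first relay you cannot), as an added illustration that is not part of this thread and not SpamAssassin's own code. The Received lines and the trusted-network list are constructed; in SpamAssassin the knob that implements the third policy is the trusted_networks / internal_networks setting in local.cf.

```python
import ipaddress
import re

# Received headers of one message, listed top-down (most recent hop first),
# the order a scanner reads them. Constructed sample, not a real message.
SAMPLE_RECEIVED = [
    "from mx1.example.net (mx1.example.net [192.0.2.10]) by mail.example.net",
    "from smarthost.isp.example ([198.51.100.7]) by mx1.example.net",
    "from dialup-123.isp.example ([203.0.113.45]) by smarthost.isp.example",
    "from [10.0.0.5] by dialup-123.isp.example",  # below the untrusted hop: forgeable
]

# Hypothetical stand-in for a local.cf trusted_networks list: our own MX and the ISP smarthost.
TRUSTED_NETWORKS = ["192.0.2.0/24", "198.51.100.7"]

# Relay address as written in the bracketed part of a Received header.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(received):
    """Return the bracketed relay IP of each Received line, top-down, skipping lines without one."""
    ips = []
    for line in received:
        m = IP_RE.search(line)
        if m:
            ips.append(ipaddress.ip_address(m.group(1)))
    return ips


def is_trusted(ip, trusted):
    return any(ip in ipaddress.ip_network(n, strict=False) for n in trusted)


def dnsbl_candidates(received, trusted, mode):
    """Which relay IPs would be sent to DNS blocklists under each policy.
    mode 'first':   only the topmost relay (breaks behind a forwarder or smarthost)
    mode 'all':     every relay (costs a lookup per hop and trusts forgeable lines)
    mode 'trusted': skip hops in the trusted list, test the first untrusted relay only
    """
    ips = relay_ips(received)
    if mode == "first":
        return ips[:1]
    if mode == "all":
        return ips
    if mode == "trusted":
        for ip in ips:
            if not is_trusted(ip, trusted):
                return [ip]  # first hop we cannot vouch for; everything below it is hearsay
        return []
    raise ValueError(f"unknown mode {mode!r}")
```

With the sample above, 'first' tests our own MX (a guaranteed false positive risk), 'all' spends four lookups including the forgeable 10.0.0.5 line, and 'trusted' tests only 203.0.113.45, the relay that actually handed the message to the smarthost.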