> On Sat, 2009-07-11 at 14:27 -0700, dmy wrote:
> > So is there a way to configure that ALL DNS tests just use the last external
> > ip address (or at least NOT the first one?). Because to me it doesn't make
> > any sense to test the ip people use to deliver messages to their smarthost
> > and it produces quite a few false positives on my system...

On 12.07.09 05:57, rich...@buzzhost.co.uk wrote:
> Someone throw me a tin opener - there is a can of worms needing it....

Oh, you again?

> 2 trains of thought on this;
> PRO: Scanning all the headers may pick up an IP being used to push spam
> through a legitimate clean gateway. Normal 'top of the tree' RBL lookups
> will miss this;
> 
> CON: Scanning all the hops is a waste of DNS time as anything after the
> first one can be forged - often in an attempt to hit white lists and
> trusted lists IMHO.

Whitelists only check for trusted IPs. If any spammer fakes a blacklisted
address, good for us.

> PRO: Scanning just the top of the tree is going to break if you are
> behind a forwarder of some kind or even a nasty SMTP ALG/Proxying
> service on a firewall not configured to be entirely transparent. 
> 
> CON: Fine tuning and white listing is needed and this can be tetchy to
> set up initially.

That's a PRO: you can fine-tune and whitelist to get better results with
faster scanning.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good. 
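
Added example, not part of the original thread: a Python sketch of the distinction argued above, splitting Received hops into the last external relay (the one address a server you run actually saw) and the hops below it, which only outside machines vouch for. The headers, the 10.0.0.0/8 trusted range, the `dnsbl.example` zone and all function names are constructed assumptions; only IPv4 literals in brackets are handled.

```python
import email
import ipaddress
import re

# Constructed sample (documentation/private address ranges), newest hop first.
RAW = """\
Received: from mx.example.org (mx.example.org [10.0.0.5])
\tby store.example.org with ESMTP; Sun, 12 Jul 2009 06:00:03 +0000
Received: from smarthost.example.net (smarthost.example.net [198.51.100.25])
\tby mx.example.org with ESMTP; Sun, 12 Jul 2009 06:00:02 +0000
Received: from home-pc (dyn-7.example.net [203.0.113.7])
\tby smarthost.example.net with ESMTP; Sun, 12 Jul 2009 06:00:01 +0000
Received: from mail.example.com (mail.example.com [192.0.2.10])
\tby home-pc with SMTP; Sun, 12 Jul 2009 06:00:00 +0000
From: someone@example.net
Subject: constructed test message

body
"""
TRUSTED = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: our own relays
ZONE = "dnsbl.example"                          # placeholder DNSBL zone

def relay_ips(raw):
    """Connecting IP recorded in each Received header, newest first."""
    ips = []
    for hdr in email.message_from_string(raw).get_all("Received", []):
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        try:
            ips.append(str(ipaddress.ip_address(m.group(1) if m else "")))
        except ValueError:
            continue  # no bracketed IPv4 literal, or not a valid address
    return ips

def split_hops(ips, trusted=TRUSTED):
    """Return (last_external, unverified): the first IP below our own relays,
    and the IPs below it, which were written by hosts we do not control."""
    for i, ip in enumerate(ips):
        if not any(ipaddress.ip_address(ip) in net for net in trusted):
            return ip, ips[i + 1:]
    return None, []

def dnsbl_queries(ips, zone=ZONE):
    """DNSBL query names (reversed octets + zone) for the given IPs."""
    return [".".join(reversed(ip.split("."))) + "." + zone for ip in ips]

if __name__ == "__main__":
    last, unverified = split_hops(relay_ips(RAW))
    print("last external only:", dnsbl_queries([last]))
    print("deeper hops (forgeable):", dnsbl_queries(unverified))
```

In the sample, the dynamic address the sender used to reach the smarthost (203.0.113.7) only appears in the second list, which is the lookup the original poster wanted to avoid.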
