> On Thu, 2010-12-09 at 20:18 +0000, Cedric Knight wrote: > > I noticed some bad false positives on email sent from certain web > > servers that haven't (yet) been properly configured. For example, a > > trusted header line starting: > > Ah, so they are operational, just poorly configured. That's what you > just said in other words, right? :) > > Anyway, why are *web* servers sending out mail at all? Other than maybe > cron junk and friends, which would warrant bypassing SA or extending > your internal network. If they are indeed intended to send out mail to > third-parties, they better be configured properly first.
web servers are often sending mail from web forms. If client can't choose the recipient address, it's safe. If the client can't choose the message text it's at least a bit safe. > > Received: from 94.229.160.4.srvlist.ukfast.net > > (94.229.160.4.srvlist.ukfast.net [94.229.160.4]) On 09.12.10 21:30, Karsten Bräckelmann wrote: > Looks like a dynamic hostname indeed. it contains the IP in hostname and no evidence of being a static hostname. I think this is correctly assumed to be dynamic. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Honk if you love peace and quiet.
