Mailing List Archive

from_rcvd
Hi all, I sent this late on Friday when most people had probably gone
home. Anyhow it is a real problem for us so if any of you SA experts
could offer any advice we would be very grateful. Copy of Friday's
message below

Hi all, I just subscribed to the list so forgive me if I am repeating
something. Had a look in the wiki first.

We have a whitelist_from_rcvd setting in our local.cf like this

whitelist_from_rcvd *@tiscali.co.uk tiscali.com

But as this header from an email that got spam filtered shows it is not
working as I expected. The from address should match so I figure it is
the domain bit that is wrong. I thought that tiscali.com as a domain
would match against mk-smarthost-3.mail.uk.tiscali.com.

Can anybody help me out here.

Received: from [212.74.114.39] (helo=mk-smarthost-3.mail.uk.tiscali.com)
 by bill.lut.ac.uk with esmtp (Exim 4.30)
 id 1AwMrZ-0005Ry-7E
 for r.s.m.kirkwood@lboro.ac.uk; Thu, 26 Feb 2004 14:51:45 +0000
Received: from ppp-0-20.nott-a-1.access.uk.tiscali.com
 ([80.40.72.20]:2567 helo=Sonyvaio)
 by mk-smarthost-3.mail.uk.tiscali.com with esmtp (Exim 4.30)
 id 1AwMqv-000APv-Mw; Thu, 26 Feb 2004 14:51:06 +0000
From: "Tom_mawhood@tiscali.co.uk" <tom_mawhood@tiscali.co.uk>


Ron

--
Ron McKeating
Senior IT Services Specialist
Internet Services and Software Solutions
Loughborough University
01509 222329
Re: from_rcvd
At 11:09 AM 3/8/04 +0000, Ron McKeating wrote:

>We have a whitelist_from_rcvd setting in our local.cf like this
>
>whitelist_from_rcvd *@tiscali.co.uk tiscali.com
>
>But as this header from an email that got spam filtered shows it is not
>working as I expected. The from address should match so I figure it is
>the domain bit that is wrong. I thought that tiscali.com as a domain
>would match against mk-smarthost-3.mail.uk.tiscali.com.
>
>Can anybody help me out here.
>
>Received: from [212.74.114.39] (helo=mk-smarthost-3.mail.uk.tiscali.com)
> by bill.lut.ac.uk with esmtp (Exim 4.30)
> id 1AwMrZ-0005Ry-7E
> for r.s.m.kirkwood@lboro.ac.uk; Thu, 26 Feb 2004 14:51:45 +0000
>Received: from ppp-0-20.nott-a-1.access.uk.tiscali.com
>([80.40.72.20]:2567 helo=Sonyvaio)
> by mk-smarthost-3.mail.uk.tiscali.com with esmtp (Exim 4.30)
> id 1AwMqv-000APv-Mw; Thu, 26 Feb 2004 14:51:06 +0000
>From: "Tom_mawhood@tiscali.co.uk" <tom_mawhood@tiscali.co.uk>

Well, it will certainly NEVER match due to
mk-smarthost-3.mail.uk.tiscali.com. That's a helo statement and is so
horrifically easily forged by spammers it's entirely untrustworthy.
Generally only RDNS lookups match.

212.74.114.39 does RDNS as mk-smarthost-3.mail.uk.tiscali.com, but the
above mailheader appears as if the reverse lookup failed. Otherwise you'd
see something like this:

Received: from mk-smarthost-3.mail.uk.tiscali.com [212.74.114.39]
 (helo=mk-smarthost-3.mail.uk.tiscali.com)
 by bill.lut.ac.uk with esmtp (Exim 4.30)
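
The point made in the reply above, as an added example that is not part of the thread and is not SpamAssassin's own code: a small model of how a whitelist_from_rcvd entry is evaluated against the relay's reverse DNS name rather than its HELO string. The function names, the regexes and the 192.0.2.10 header are assumptions constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

FROM_RE = re.compile(r"^Received:?\s+from\s+(?P<clause>.*?)\s+by\s", re.S | re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HELO_RE = re.compile(r"helo=([^\s)]+)", re.I)

# Header from the original post: the relay is recorded as a bare IP.
NO_RDNS = ("Received: from [212.74.114.39] (helo=mk-smarthost-3.mail.uk.tiscali.com)\n"
           " by bill.lut.ac.uk with esmtp (Exim 4.30)")
# Shape the reply says a successful reverse lookup would have produced.
WITH_RDNS = ("Received: from mk-smarthost-3.mail.uk.tiscali.com [212.74.114.39]\n"
             " (helo=mk-smarthost-3.mail.uk.tiscali.com)\n"
             " by bill.lut.ac.uk with esmtp (Exim 4.30)")
# Constructed sample: a sender that only claims a tiscali.com name in HELO.
FORGED_HELO = ("Received: from [192.0.2.10] (helo=mail.tiscali.com)\n"
               " by bill.lut.ac.uk with esmtp (Exim 4.30)")

def parse_relay(received):
    """Split the 'from' clause into rDNS name, IP and HELO (sender-supplied)."""
    m = FROM_RE.search(received)
    if not m:
        return None
    clause = m.group("clause")
    first = clause.split()[0]
    # A clause that opens with '[' or '(' carries no verified host name.
    rdns = None if first.startswith(("[", "(")) else first.lower()
    ip = IP_RE.search(clause)
    helo = HELO_RE.search(clause)
    return {"rdns": rdns,
            "ip": ip.group(1) if ip else None,
            "helo": helo.group(1).lower() if helo else None}

def whitelist_from_rcvd_hits(from_addr, received, addr_glob, rdns_domain):
    """True only if the From glob matches AND the relay rDNS is in rdns_domain."""
    relay = parse_relay(received)
    # fnmatch approximates the '*' and '?' wildcards of the address pattern.
    if relay is None or not fnmatchcase(from_addr.lower(), addr_glob.lower()):
        return False
    rdns = relay["rdns"]
    if rdns is None:
        return False  # no reverse DNS recorded; the HELO name is never consulted
    domain = rdns_domain.lower()
    return rdns == domain or rdns.endswith("." + domain)

if __name__ == "__main__":
    for name, hdr in (("no rDNS", NO_RDNS), ("rDNS ok", WITH_RDNS), ("forged", FORGED_HELO)):
        print(name, whitelist_from_rcvd_hits("tom_mawhood@tiscali.co.uk", hdr,
                                             "*@tiscali.co.uk", "tiscali.com"))
```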