Scott, I think I have figured out what is going on with the RBL and the 0.0.0.0 address business. I have not been able to nab any exact example, but I think what I did nab below tells the story. The below e-mail was legitimate and Not SPAM, but it was treated as SPAM.
The long and short is that there is a problem with MAPS and using HOP/HOP High.

Global.cfg:

HOP 0
HOPHIGH 1

-----------------
Declude Log:

08/02/2002 16:36:26 Qfb50142 HELOBOGUS:2 REVDNS:4 . Total weight = 6
08/02/2002 16:36:26 Qfb50142 Msg failed RBL (This E-mail came from 1.4.11.75, a potential spam source listed in RBL.).
08/02/2002 16:36:27 Qfb50142 Msg failed HELOBOGUS (Domain B2BWeb1.Resource.MH2.Com has no MX/A records.).
08/02/2002 16:36:27 Qfb50142 Msg failed REVDNS (This E-mail was sent from a MUA/MTA 65.203.99.90 with no reverse DNS entry.).
08/02/2002 16:36:27 Qfb50142 Subject: MH2BuildPro Order #3079852-000 (jme)
08/02/2002 16:36:27 Qfb50142 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]

-----------------
Imail Log:

20020802 163616 127.0.0.1 SMTPD (0D7E0142) [64.90.57.60] connect 65.203.99.90 port 3789
20020802 163616 127.0.0.1 SMTPD (0D7E0142) [65.203.99.90] EHLO B2BWeb1.Resource.MH2.Com
20020802 163616 127.0.0.1 SMTPD (0D7E0142) [65.203.99.90] MAIL FROM:<[EMAIL PROTECTED]>
20020802 163616 127.0.0.1 SMTPD (0D7E0142) [65.203.99.90] RCPT TO:<[EMAIL PROTECTED]>
20020802 163617 127.0.0.1 SMTPD (0D7E0142) [65.203.99.90] D:\IMail\spool\Dfb50142.SMD

-----------------
Headers:

Received: from B2BWeb1.Resource.MH2.Com [65.203.99.90] by Leitos.com with ESMTP (SMTPD32-6.06) id AB50D7E0142; Fri, 02 Aug 2002 16:36:16 -0500
Received: from daa21301www003.cus.drtn.corp ([1.4.11.75]) by B2BWeb1.Resource.MH2.Com with Microsoft SMTPSVC(5.0.2195.4905); Fri, 2 Aug 2002 16:36:15 -0500
Received: from mail pickup service by daa21301www003.cus.drtn.corp with Microsoft SMTPSVC; Fri, 2 Aug 2002 16:35:57 -0500
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: MH2BuildPro Order #3079852-000 (jme)
Date: Fri, 2 Aug 2002 16:35:56 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_2458_01C23A42.AD429670"
X-Priority: 1
X-MSMail-Priority: High
Importance: High
X-FONT: COURIER
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
Message-ID: <[EMAIL PROTECTED]>
X-OriginalArrivalTime: 02 Aug 2002 21:35:57.0152 (UTC) FILETIME=[96410E00:01C23A6C]
Return-Path: [EMAIL PROTECTED]
X-Declude-Sender: [EMAIL PROTECTED] [65.203.99.90]
X-Declude-Spoolname: Dfb50142.SMD
X-Note: This E-mail was sent from [No Reverse DNS] ([65.203.99.90]).
X-Note: Failed: RBL, HELOBOGUS, REVDNS - Total Weight: 6.
X-Note: Checked for SPAM and Viruses by Internet Concepts - http://www.inetconcepts.net.

-----------------

You'll note that this was killed due to the RBL failing on HOP HIGH. Declude did what it was supposed to do.

MAPS has Blackholed most all of the IANA reserved addresses, which are defined at http://www.iana.org/assignments/ipv4-address-space. But, they have NOT Blackholed the RFC1918 private addresses.

Checking HOP 1 does reduce SPAM. So, is it possible to not check MAPS when greater than HOP zero is an IANA or RFC1918 reserved address?

Also, can you write to the log when it does fail a HOP > 0? That would make it much easier to quantify the value of this test and to examine them more closely.
I checked all of the following blocks, using the MAPS lookup and found the following:

Legend:
x = Verified as Blackholed
* = Verified as Not Blackholed

IANA Reserved:

x 000/8 IANA - Reserved Sep 81
x 001/8 IANA - Reserved Sep 81
x 002/8 IANA - Reserved Sep 81
x 005/8 IANA - Reserved Jul 95
x 007/8 IANA - Reserved Apr 95
x 023/8 IANA - Reserved Jul 95
x 027/8 IANA - Reserved Apr 95
* 031/8 IANA - Reserved Apr 99
x 036/8 IANA - Reserved Jul 00
x 037/8 IANA - Reserved Apr 95
x 039/8 IANA - Reserved Apr 95
x 041/8 IANA - Reserved May 95
x 042/8 IANA - Reserved Jul 95
x 058/8 IANA - Reserved Sep 81
x 059/8 IANA - Reserved Sep 81
x 060/8 IANA - Reserved Sep 81
x 069-079/8 IANA - Reserved Sep 81
x 082-095/8 IANA - Reserved Sep 81
x 096-126/8 IANA - Reserved Sep 81
* 127/8 IANA - Reserved Sep 81
* 197/8 IANA - Reserved May 93
x 222-223/8 IANA - Reserved Sep 81
* 240-255/8 IANA - Reserved Sep 81

RFC1918 Reserved Addresses:

* 10.0.0.0 - 10.255.255.255 (10/8 prefix)
* 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
* 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

This is the text that MAPS returns on their site for those verified "x" above:

"This network address is reserved by the Internet Assigned Numbers Authority (IANA). No Internet traffic should originate from this address. Any packets with this source address can be assumed to be forged.

References:
The IANA Home Page <http://www.isi.edu/div7/iana/>
IP v4 Address Space <http://www.isi.edu/in-notes/iana/assignments/ipv4-address-space>"

Thanks,

----
Don Brown - Dallas, Texas USA
Internet Concepts, Inc.
[EMAIL PROTECTED]
http://www.inetconcepts.net
PGP Key ID: 04C99A55
(972) 788-2364 Fax: (972) 788-5049
Providing Internet Solutions Worldwide - An eDataWeb Affiliate
----

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail".
The archives can be found at http://www.mail-archive.com.
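
The behaviour requested in the message above, as an added example (not part of the original e-mail and not Declude's code): walk the Received hops, skip the blacklist query for any hop above zero whose address is private or reserved, and log every per-hop decision. The zone `dnsbl.example`, the function names and the skip list are assumptions; the skip list holds the RFC1918 ranges plus 1/8 as the message's 2002 table lists it, not a current reservation list.

```python
import ipaddress
import re

# Received lines copied from the headers quoted in the message, newest hop first.
RECEIVED = [
    "from B2BWeb1.Resource.MH2.Com [65.203.99.90] by Leitos.com with ESMTP (SMTPD32-6.06) id AB50D7E0142; Fri, 02 Aug 2002 16:36:16 -0500",
    "from daa21301www003.cus.drtn.corp ([1.4.11.75]) by B2BWeb1.Resource.MH2.Com with Microsoft SMTPSVC(5.0.2195.4905); Fri, 2 Aug 2002 16:36:15 -0500",
    "from mail pickup service by daa21301www003.cus.drtn.corp with Microsoft SMTPSVC; Fri, 2 Aug 2002 16:35:57 -0500",
]

# Assumption: RFC1918 ranges plus 1/8, which the message's table marks as
# IANA reserved in 2002. This is a snapshot for the example only.
SKIP_NETS = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "1.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def hop_ips(received):
    """Return [(hop, address)] for Received lines with a bracketed IPv4 literal."""
    out = []
    for hop, line in enumerate(received):
        m = IP_RE.search(line)
        if not m:
            continue  # e.g. "from mail pickup service": no address to test
        try:
            out.append((hop, ipaddress.ip_address(m.group(1))))
        except ValueError:
            pass  # malformed literal such as [999.1.1.1]
    return out

def dnsbl_name(ip, zone):
    """Build the DNS name to query: reversed octets followed by the list zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def plan_lookups(received, hop_low, hop_high, skip_reserved=True, zone="dnsbl.example"):
    """Return (queries, log) for hops in [hop_low, hop_high]; no DNS traffic is sent."""
    queries, log = [], []
    for hop, ip in hop_ips(received):
        if not hop_low <= hop <= hop_high:
            continue
        if skip_reserved and hop > 0 and any(ip in net for net in SKIP_NETS):
            log.append(f"hop {hop} {ip} skipped: reserved/private")
            continue
        name = dnsbl_name(ip, zone)
        queries.append((hop, name))
        log.append(f"hop {hop} {ip} query {name}")
    return queries, log
```

With `HOP 0` / `HOPHIGH 1` mapped to `plan_lookups(RECEIVED, 0, 1)`, only the connecting address 65.203.99.90 is queried; passing `skip_reserved=False` reproduces the situation in the log, where the internal relay address 1.4.11.75 at hop 1 is also tested.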