> The long and short is that there is a problem with MAPS and using
> HOP/HOP High.

>HOP         0
>HOPHIGH     1
>
>08/02/2002 16:36:26 Qfb50142 Msg failed RBL (This E-mail came from 
>1.4.11.75, a potential spam source listed in RBL.).
>
>Headers:
>Received: from B2BWeb1.Resource.MH2.Com [65.203.99.90] by Leitos.com with 
>ESMTP
>   (SMTPD32-6.06) id AB50D7E0142; Fri, 02 Aug 2002 16:36:16 -0500
>Received: from daa21301www003.cus.drtn.corp ([1.4.11.75]) by 
>B2BWeb1.Resource.MH2.Com with Microsoft SMTPSVC(5.0.2195.4905);
>          Fri, 2 Aug 2002 16:36:15 -0500

I'm not sure that I see the problem...

>You'll note that this was killed due to the RBL failing on HOP HIGH.
>Declude did what it was supposed to do.

Yes.

>MAPS has Blackholed most all of the IANA reserved addresses, which are
>defined at http://www.iana.org/assignments/ipv4-address-space. But,
>they have NOT Blackholed the RFC1918 private addresses.

That's good.  The "IANA Reserved" addresses are ones that are *RESERVED* by 
IANA.  That means that tomorrow IANA has the full right to give them out to 
spammers.  And spammers are very likely today to use fake Received: headers 
using them.  And *nobody* has a right to use those addresses except IANA.

The problem here isn't with MAPS -- it's with "drtn.corp" (not even a valid 
domain name), who is using an IP address they aren't authorized to 
use.  While that isn't against the law, it's against the RFCs -- and doing 
so has drawbacks, such as having your mail killed.

Note that Declude JunkMail automatically detects private IPs (RFC1918), but 
we can't exempt IPs that could be used by spammers in the future.

>Checking HOP 1 does reduce SPAM. So, is it possible to not check MAPS
>when greater than HOP zero is an IANA or RFC1918 reserved address?

You can whitelist the IP, that would likely be the best bet in this situation.

>Also, can you write to the log when it does fail a HOP > 0?

Good idea -- I'll see if that can be done.

>This is the text that MAPS returns on their site for those verified "x" above:
>   "This network address is reserved by the Internet Assigned Numbers
>   Authority (IANA).  No Internet traffic should originate from this
>   address.  Any packets with this source address can be assumed to
>   be forged.

And that's exactly why they blacklist those IPs.  :)
                              -Scott
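
The hop selection discussed in this message, as an added example that is not part of the original e-mail and is not Declude's code: it pulls the bracketed IPs from the two Received: headers quoted above, skips RFC1918 hops, and builds the reversed-octet DNSBL names for hops HOP through HOPHIGH. Assumptions: hop 0 is the top-most Received: header, and the zone "dnsbl.example" and all function names are placeholders.

```python
import ipaddress
import re

# Constructed sample: the two Received: headers quoted in the message, unfolded.
HEADERS = [
    "Received: from B2BWeb1.Resource.MH2.Com [65.203.99.90] by Leitos.com with ESMTP",
    "Received: from daa21301www003.cus.drtn.corp ([1.4.11.75]) by "
    "B2BWeb1.Resource.MH2.Com with Microsoft SMTPSVC(5.0.2195.4905);",
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def hop_ips(received_headers):
    """Bracketed IPv4 address of each Received: header, top-most (hop 0) first."""
    hops = []
    for line in received_headers:
        m = BRACKETED_IP.search(line)
        try:
            hops.append(ipaddress.IPv4Address(m.group(1)) if m else None)
        except ipaddress.AddressValueError:
            hops.append(None)  # malformed literal, e.g. an octet above 255
    return hops


def is_rfc1918(ip):
    """True only for the three RFC1918 private ranges, not for reserved space."""
    return any(ip in net for net in RFC1918)


def dnsbl_queries(received_headers, hop=0, hophigh=1, zone="dnsbl.example"):
    """(hop number, DNS name) pairs to look up; RFC1918 hops are skipped."""
    queries = []
    for n, ip in enumerate(hop_ips(received_headers)):
        if ip is None or not hop <= n <= hophigh or is_rfc1918(ip):
            continue
        reversed_octets = ".".join(reversed(str(ip).split(".")))
        queries.append((n, f"{reversed_octets}.{zone}"))
    return queries


if __name__ == "__main__":
    for n, name in dnsbl_queries(HEADERS):
        print(f"hop {n}: {name}")
```

With HOP 0 and HOPHIGH 1, hop 1 (1.4.11.75) is still queried because it is not an RFC1918 address, which matches the failure shown in the log line above.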
