a) Is it possible that someone who controls the Reverse DNS for a set of Spam IP addresses could put legit domain names in their PTR records, basically subverting this? Or is this a test that can't be gotten around? I have a feeling it can be subverted but I want to make sure.
It is possible, but unlikely. Few spammers have IPs that they both have control of the reverse DNS for and send spam from. The IPs whose reverse DNS they have control over, they typically want to keep for themselves. Intentionally putting in a bogus reverse DNS entry and then sending spam would almost certainly be grounds for quickly getting their account killed.
b) Is having the WHITELIST REVDNS in the GLOBAL.CFG file the only way to do this? Or can that set of strings be offloaded into a separate text file as I do with some of the filters? I have a feeling the answer is no, that it must be done within GLOBAL.CFG but I just wanted to make sure.
It would need to be done in the global.cfg file.
2) WHITELIST HELO in the GLOBAL.CFG file
I also like this solution as well. My question is how do I figure out what string they used in the HELO part of the SMTP conversation?
If you look at the Received: header that IMail adds, you'll see it there ("Received: from mail.example.com [192.0.2.25]..." -- in this case, it is mail.example.com).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask about our free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
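The two points in this exchange (a PTR record is only as trustworthy as whoever controls the reverse zone, and the HELO name can be read off the `Received: from <name> [<ip>]` header IMail writes) can be tied together in a small check. The following is an added example written for this page, not Declude or IMail code, and it does not claim to reproduce how WHITELIST REVDNS or WHITELIST HELO behave internally. It parses the Received: header for the HELO string and IP, and then applies a forward-confirmed reverse DNS (FCrDNS) test, meaning the PTR name must resolve back to the connecting IP, which is the standard defence against a forged PTR. The DNS data, the header line, and the addresses 192.0.2.25 and 198.51.100.7 are constructed so that it runs offline; the `ptr_lookup`/`a_lookup` functions are stand-ins for real resolver calls.

```python
import re
from typing import Callable, Dict, List, Optional

# Constructed Received: header in the shape the thread says IMail writes:
# "Received: from <HELO name> [<IP>] ..."
SAMPLE_RECEIVED = (
    "Received: from mail.example.com [192.0.2.25] by mx.example.net "
    "(SMTPD32); Mon, 01 Jan 2001 12:00:00 -0500"
)
# Constructed header from a host whose reverse zone someone else controls
# and which also claims mail.example.com in its PTR record.
SPOOFED_RECEIVED = "Received: from mail.example.com [198.51.100.7] by mx.example.net"

# The HELO string is the token right after "from"; the IP follows in brackets.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
)


def parse_received(header: str) -> Optional[Dict[str, str]]:
    """Return {'helo': name, 'ip': address} from an IMail-style Received: header."""
    m = RECEIVED_RE.match(header.strip())
    if not m:
        return None
    return {"helo": m.group("helo"), "ip": m.group("ip")}


# Constructed DNS data standing in for real lookups (assumption: offline stand-in).
# Only 192.0.2.25 is really mail.example.com; 198.51.100.7 merely says it is.
PTR_TABLE: Dict[str, List[str]] = {
    "192.0.2.25": ["mail.example.com"],
    "198.51.100.7": ["mail.example.com"],
}
A_TABLE: Dict[str, List[str]] = {"mail.example.com": ["192.0.2.25"]}

Lookup = Callable[[str], List[str]]


def ptr_lookup(ip: str) -> List[str]:
    """Hypothetical reverse lookup; a real deployment would query DNS here."""
    return PTR_TABLE.get(ip, [])


def a_lookup(name: str) -> List[str]:
    """Hypothetical forward lookup; a real deployment would query DNS here."""
    return A_TABLE.get(name.lower(), [])


def forward_confirmed_rdns(ip: str, ptr: Lookup = ptr_lookup,
                           a: Lookup = a_lookup) -> Optional[str]:
    """Return the PTR name that resolves back to ip (FCrDNS), else None.

    A PTR name that does not point back at the IP is attacker-controllable
    and must not be trusted for whitelisting.
    """
    for name in ptr(ip):
        if ip in a(name):
            return name
    return None


def whitelist_decision(header: str, revdns_whitelist: List[str],
                       helo_whitelist: List[str], ptr: Lookup = ptr_lookup,
                       a: Lookup = a_lookup) -> Dict[str, object]:
    """Decide whether a message would be whitelisted and say why."""
    parsed = parse_received(header)
    if parsed is None:
        return {"whitelisted": False, "verified": False,
                "reason": "unparseable Received: header"}
    ip, helo = parsed["ip"], parsed["helo"]
    rev_allowed = {w.lower() for w in revdns_whitelist}
    helo_allowed = {w.lower() for w in helo_whitelist}

    # REVDNS: the name must be whitelisted AND forward-confirmed for this IP.
    claimed = [n for n in ptr(ip) if n.lower() in rev_allowed]
    confirmed = forward_confirmed_rdns(ip, ptr, a)
    if claimed and confirmed and confirmed.lower() in rev_allowed:
        return {"whitelisted": True, "verified": True,
                "reason": f"REVDNS {confirmed} forward-confirmed for {ip}"}
    if claimed:
        return {"whitelisted": False, "verified": False,
                "reason": f"REVDNS {claimed[0]} not forward-confirmed for {ip}"}

    # HELO: the string is supplied by the sending host, so a match is
    # unverified on its own; report that so the operator can decide.
    if helo.lower() in helo_allowed:
        return {"whitelisted": True, "verified": False,
                "reason": f"HELO {helo} matched (sender-supplied string)"}
    return {"whitelisted": False, "verified": False, "reason": "no whitelist match"}


if __name__ == "__main__":
    for hdr in (SAMPLE_RECEIVED, SPOOFED_RECEIVED):
        print(parse_received(hdr), whitelist_decision(hdr, ["mail.example.com"], []))
```

Run it and the genuine 192.0.2.25 header is whitelisted with `verified` set, while the 198.51.100.7 header, despite an identical PTR name, is refused because mail.example.com does not resolve back to it. The HELO branch deliberately reports `verified: False`, since the HELO string is whatever the connecting host chose to send.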
