In the header of the message, look at the last
IP address in square brackets, this is the IP address of the sending email
server. The text just before it is the HELO sent by it, and is often
unreliable with legitimate mail, and practically a work of fiction with
spam.
To get the REVDNS that you can put in your filter files, go to a
command prompt and use the name server lookup program with the IP address as the
only parameter, e.g.
C:\Temp>nslookup 63.246.31.248
Server:
myinternal.DNS.server
Address:
192.168.0.1
Name: smtp.declude.com
Address:
63.246.31.248
C:\Temp>
Some admins don't mind the
extra overhead, and use the XINHEADER and/or XOUTHEADER feature in their
global.cfg to insert various lines into the header of every message that
contain Declude variables like REVDNS. One common thing that comes up when
doing this is that if you use the ALLRECIPS to document in the header who all
the recipients are, you've just "blown the cover" on someone who sent a
legitimate email with a BCC list of recipients in your domain(s). Don't do
that.
> -----Original Message-----
> From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On
>
Behalf Of Todd Richards
> Sent: Wednesday, November 08, 2006 1:13
PM
> To: declude.junkmail@declude.com
> Subject: RE:
[Declude.JunkMail] whitelisting based on rev dns
>
> Is the Reverse
DNS in the headers anywhere? I've just been
> going out to
DNSReports.com and pulling it for the ones I
> want to add. Easier
way?
>
> Todd
>
>
> -----Original
Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
>
Behalf Of Greg Evanitsky
> Sent: Wednesday, November 08, 2006 12:56
PM
> To: declude.junkmail@declude.com
> Subject: Re:
[Declude.JunkMail] whitelisting based on rev dns
> Importance:
High
>
>
> On Nov 8, 2006, at 1:24 PM, Craig Edmonds
wrote:
>
> > How can I whitelist based on Reverse
DNS?
>
> Create a filter with lines like
>
>
REVDNS xxx ENDSWITH .abcdefghi.com
>
> where xxx
is weight to apply. Xxx could be a very high number
> to cause the message
to be deleted or it could be a negative number.
>
> In my revdns
spam filter I also have the following lines at
> the top to save processor
usage
>
> SKIPIFWEIGHT xx
>
STOPATFIRSTHIT
>
> If the message's weight already exceeds xx the
filter will be skipped.
>
> Later,
>
Greg
>
>
>
>
>
>
> ---
> This
E-mail came from the Declude.JunkMail mailing list. To
>
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type
"unsubscribe Declude.JunkMail". The archives can be
> found at
http://www.mail-archive.com.
>
>
>
>
>
>
> ---
>
This E-mail came from the Declude.JunkMail mailing list. To
>
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type
"unsubscribe Declude.JunkMail". The archives can be
> found at
http://www.mail-archive.com.
>
>
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
