And the reason being is that many if not most mail server are not configured
to accept messages to the IP address. Also, in the case of Sobig, that would
not work anyway, as the IP address is of the workstation infected, which
could be anywhere.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com


> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.Virus-
> [EMAIL PROTECTED] On Behalf Of R. Scott Perry
> Sent: Friday, August 22, 2003 7:56 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] Postmaster Email Alert
> 
> 
> >Is there a way to make Declude email postmaster at the originating IP
> >address reverse DNS domain and not the domain in the FROM field which is
> >usually spoofed?
> 
> No.  The SKIPIFVIRUSNAMEHAS option is used for cases like this.
> 
> We have considered using reverse DNS, IPWHOIS, [EMAIL PROTECTED], etc., but
> none seem to work well most of the time.
> 
>                                                     -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you have been missing: Ask for a free 30-day evaluation.
> 
> ---
> [This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
> 
> ---
> This E-mail came from the Declude.Virus mailing list.  To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus".    The archives can be found
> at http://www.mail-archive.com.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

---
This E-mail came from the Declude.Virus mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.Virus".    The archives can be found
at http://www.mail-archive.com.

Reply via email to