And the reason is that many if not most mail servers are not configured to accept messages to the IP address. Also, in the case of Sobig, that would not work anyway, as the IP address is of the workstation infected, which could be anywhere.

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.Virus-
> [EMAIL PROTECTED] On Behalf Of R. Scott Perry
> Sent: Friday, August 22, 2003 7:56 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [Declude.Virus] Postmaster Email Alert
>
>
> >Is there a way to make Declude email postmaster at the originating IP
> >address reverse DNS domain and not the domain in the FROM field which is
> >usually spoofed?
>
> No. The SKIPIFVIRUSNAMEHAS option is used for cases like this.
>
> We have considered using reverse DNS, IPWHOIS, [EMAIL PROTECTED], etc., but
> none seem to work well most of the time.
>
> -Scott
> ---
> Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
> Declude Virus: Catches known viruses and is the leader in mailserver
> vulnerability detection.
> Find out what you have been missing: Ask for a free 30-day evaluation.
>
> ---
> [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.Virus mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.