>Hi all. I'm forwarding my e-mails from my mindspring account to my IMail
>box since half of my spam comes to mindspring.
This is an issue because the spam is being forwarded from an existing
account on another ISP, which makes it hard to determine the actual source
of the E-mail (which is used for spam scanning -- virus scanning doesn't
care about the source). Most anti-spam programs will simply give up if the
E-mail is forwarded like this.
Although Declude JunkMail wasn't designed to handle E-mail forwarded from
other Internet providers, it was designed to handle mail from a backup MX
record or a gateway. Because of this, there are several ways that you may
be able to get the forwarded mail scanned.
>I set hophigh to 2, but it looks like mindspring/earthlink does some sort
>of internal relays first.
The "HOPHIGH 2" setting should work fine in this situation. The HOPHIGH
setting (which most people don't use) is used to scan extra hops, which
allows you to scan the IP of people that send to mailing lists, for
example. The HOPHIGH 2 setting will scan the IP that is connecting to
IMail, as well as the next 2 hops.
If the HOPHIGH 2 setting isn't working, you should make sure you haven't
whitelisted the E-mail (this is why we urge people only to use whitelists
when absolutely necessary -- they make troubleshooting difficult).
>But the mail comes from a pool of mail servers, so if I use IPBYPASS, can
>I use a wildcard such as 207.69.200.* or just 207.69.200 or would I need
>to add an IPBYPASS for every one of their mail servers?
IPBYPASS is designed for backup mailservers and gateways, so it requires a
specific IP address. In this case, you could add all of the IPs that the
E-mail could come from. However, with Earthlink, this may be tricky. So
the HOPHIGH setting would be better.
>Received: from johnson.mail.mindspring.net [207.69.200.177] by
>mail.tropicalwebcreations.net with ESMTP
> (SMTPD32-7.12) id A9F76D9005E; Sun, 11 Aug 2002 07:26:47 -0400
This Received: header shows Mindspring connecting to your mailserver (the
IP that normally will get scanned).
>Received: from hazard.mail.atl.earthlink.net ([207.69.200.138])
> by johnson.mail.mindspring.net with smtp (Exim 3.33 #1)
> id 17dqsz-0001z8-00
> for [EMAIL PROTECTED]; Sun, 11 Aug 2002 07:27:53 -0400
This Received: header shows Earthlink handing off the E-mail to Mindspring
("Hop 1").
>Received: from 200.161.27.62 ([24.232.203.8])
> by hazard.mail.atl.earthlink.net (Earthlink Mail Service) with
> SMTP id 17DQSY14in3Nl3qG0
> for <[EMAIL PROTECTED]>; Sun, 11 Aug 2002 07:27:50 -0400
> (EDT)
and this one is where the spammer sent the E-mail to Earthlink ("Hop
2"). That's why you would want to use "HOPHIGH 2" -- it will scan the
first 2 hops, as well as the server that connected to IMail.
-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for
IMail. http://www.declude.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit the Knowledge Base for answers to frequently asked
questions: http://www.ipswitch.com/support/IMail/
