Jerome, Sendmail, for right or for wrong, and the infrastructure of the internet mailing systems is based on a system of culpability. Imagine an email as a baton passed from one runner to the next.
All your server can verify (and all you really *need* to know) is the last server that just passed the information on to you. Everything else is open to interpretation/forgery/etc. It's noble of you to care about what machine might actually be infected but you would have to assume that ALL the received lines including the previous server were infected because no assumption concerning where the virus originated would be correct without more information from all the runners in the relay. Anyway, you are barking up the wrong tree thinking MIMEDefang can solve this problem. The most you can do is edit your filter to parse the HEADERS file and add all the previous relays to the list of possible infections along with the most recent relay in $RelayAddr. The point I would make is so what? Now you have this information, what do you do with it. You certainly do not try and contact anyone about it unless you are responsible for a large network or you have more spare time than God. Regards, KAM > hu ? > > how do you know about the originating IP adress so ?? > > I understand that it's surely possible to add received lines > to make believe the sender is someone else, but there's surely > a way to analyze the sanity of received lines, this may be a good thing. > > what about making us the choice of choosing what we want to believe ? > > using the last received as the good one is not the best at all. > > I prefer seeing "xx.yy.zz.cc" is infected rather than 127.0.0.1... > > but that's my point of course _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang