Re: [Declude.JunkMail] Hop not scanned when passed through Postini

2004-09-17 Thread R. Scott Perry

> I'm going to guess that this is an issue with RFC compliance of Postini in
> how it includes the received headers, but the following headers show a
> first hop that isn't being looked up consistently when one of our clients
> has E-mail being forwarded through a Postini protected host.
>
> Received: from mail.pyramid.net [206.100.212.1] by mx1.mailpure.com with
> ESMTP
>   (SMTPD32-8.05) id A35989BE0154; Thu, 16 Sep 2004 19:35:53 -0400
> Received: from psmtp.com [12.158.34.32] by mail.pyramid.net
>   (SMTPD32-8.11) id A3589E430150; Thu, 16 Sep 2004 16:35:52 -0700
> Received: from source ([66.109.19.198]) by exprod5mx118.postini.com
> ([12.158.34.245]) with SMTP;
> Thu, 16 Sep 2004 18:35:50 CDT
> Received: by mailmw-gv3.movingwiththegreatest.com (PowerMTA(TM) v1.5);
> Thu, 16 Sep 2004 18:13:56 -0400 (envelope-from
> newmsg.cgi?mbx=Hold[EMAIL PROTECTED][EMAIL PROTECTED])

What is the IP that Declude JunkMail is seeing here?
That last Received: header is indeed very poorly designed, where it would 
be quite difficult to determine automatically which IP was which.

   -Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers 
since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver 
vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.

---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type unsubscribe Declude.JunkMail.  The archives can be found
at http://www.mail-archive.com.


Re: [Declude.JunkMail] Hop not scanned when passed through Postini

2004-09-17 Thread Matt

R. Scott Perry wrote:
> What is the IP that Declude JunkMail is seeing here?
> That last Received: header is indeed very poorly designed, where it
> would be quite difficult to determine automatically which IP was which.

I'm scanning on up to 4 hops and I assume that Declude can read 
everything besides the following line:

   Received: from source ([66.109.19.198]) by exprod5mx118.postini.com 
([12.158.34.245]) with SMTP;

This is the true source [66.109.19.198] and it happens to be blacklisted 
in my own DNSBL, SBL, AHBL and currently SPAMCOP, and all of those tests 
are configured to do lookups on up to 4 hops (HOPHIGH 3).  Every one of 
the messages that came through Postini (psmtp.com) to pyramid.net and 
then to me failed to hit on any DNSBL.  All the examples that I noted 
were static spam sources so there was only that one hop before all the 
gatewaying/forwarding between clean servers and that hop was identified 
on that line.  In other words, that hop not getting tested was not 
unique to just this one message and they all look very much the same.

Thanks,
Matt
--
=
MailPure custom filters for Declude JunkMail Pro.
http://www.mailpure.com/software/
=
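
Added example, not part of either post and not Declude's own parser: a Python hop extractor run over the Received: headers quoted in this thread, showing how the Postini line's two bracketed addresses can be told apart by reading only the "from" clause. The function names, the 4-hop default (taken from "up to 4 hops" in the post) and the zone dnsbl.example are assumptions made for the example.

```python
import ipaddress
import re

# Received: values quoted in the thread, unfolded to one line each, newest first.
RECEIVED = [
    "from mail.pyramid.net [206.100.212.1] by mx1.mailpure.com with ESMTP "
    "(SMTPD32-8.05) id A35989BE0154; Thu, 16 Sep 2004 19:35:53 -0400",
    "from psmtp.com [12.158.34.32] by mail.pyramid.net "
    "(SMTPD32-8.11) id A3589E430150; Thu, 16 Sep 2004 16:35:52 -0700",
    "from source ([66.109.19.198]) by exprod5mx118.postini.com "
    "([12.158.34.245]) with SMTP; Thu, 16 Sep 2004 18:35:50 CDT",
    "by mailmw-gv3.movingwiththegreatest.com (PowerMTA(TM) v1.5); "
    "Thu, 16 Sep 2004 18:13:56 -0400 (envelope-from "
    "newmsg.cgi?mbx=Hold[EMAIL PROTECTED][EMAIL PROTECTED])",
]

# An IPv4 literal wrapped in any mix of "(" and "[", e.g. [1.2.3.4] or ([1.2.3.4]).
IP_TOKEN = re.compile(r"[\[(]+\s*(\d{1,3}(?:\.\d{1,3}){3})\s*[\])]+")
BY_KEYWORD = re.compile(r"\s+by\s+", re.IGNORECASE)

def sender_ip(received):
    """IP of the connecting client named in the 'from' clause, or None."""
    value = " ".join(received.split())          # undo header folding
    if not value.lower().startswith("from "):
        return None                             # 'by ...' only: no client recorded
    from_clause = BY_KEYWORD.split(value, maxsplit=1)[0]
    for match in IP_TOKEN.finditer(from_clause):
        try:
            return str(ipaddress.IPv4Address(match.group(1)))
        except ipaddress.AddressValueError:
            continue                            # e.g. [999.1.1.1]
    return None

def hop_ips(headers, max_hops=4):
    """Sender IPs for the newest max_hops hops that record one."""
    return [ip for ip in map(sender_ip, headers) if ip][:max_hops]

def dnsbl_name(ip, zone):
    """Query name for an IPv4 DNSBL lookup: reversed octets plus the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

if __name__ == "__main__":
    for ip in hop_ips(RECEIVED):
        print(ip, dnsbl_name(ip, "dnsbl.example"))  # placeholder zone
```

The third hop resolves to 66.109.19.198 (the sender) rather than 12.158.34.245 (the Postini receiver), and the PowerMTA header contributes no hop because it has no "from" clause.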