On Mon, 20 Apr 2015, Axb wrote:
On 04/20/2015 08:04 PM, Dianne Skoll wrote:
Hi,
Not sure if this is still an issue in 3.4, but I'm seeing tons of
FPs on RCVD_ILLEGAL_IP. Why? Because Microsoft (damn it to hell)
has started using RESERVED IP ranges internally! Have a look:
Received: from BLUPR10MB0835.namprd10.prod.outlook.com (0.163.216.13)
by BLUPR10MB0835.namprd10.prod.outlook.com (0.163.216.13)
with Microsoft SMTP Server (TLS) id 15.1.136.25;
Mon, 20 Apr 2015 17:43:48 +0000
Is anyone else seeing a sudden uptick in RCVD_ILLEGAL_IP FPs?
There is an ongoing discussion about this with MS, thru backchannels.
They're intentionally using the 0/8 to mask internal IPs.
A very VERY bad choice and they have been advised that not only SA thinks
it's a bad idea.
Axb
I'm so glad to finally see this mentioned on here, because I was
starting to doubt my own gut reaction that putting invalid IP
addresses in Received is all sorts of broken. We noticed it last week
after someone from Microsoft mentioned getting a rejection from our
server, and looking back the first examples I was able to find of this
was from Apr. 6. Before that emails following similar paths through
Microsoft servers weren't doing this.
I'm also happy to know there's some discussion going on with MS.
When I mentioned it to an MS friend of mine last week he didn't seem
particularly shocked that the "internal" headers wouldn't comply with
expectations, but he also seemed surprised that anyone was looking at
such headers as a way of determining spam. Hopefully MS will take
this seriously, but I'm not holding my breath.
--
Public key #7BBC68D9 at | Shane Williams
http://pgp.mit.edu/ | System Admin - UT CompSci
=----------------------------------+-------------------------------
All syllogisms contain three lines | sha...@shanew.net
Therefore this is not a syllogism | www.ischool.utexas.edu/~shanew
