Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Filtering mail relayed through open proxies
  FAQ FAQ  Forum Search   Register Register  Login Login

Filtering mail relayed through open proxies

 Post Reply Post Reply
Author
Alan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Topic: Filtering mail relayed through open proxies
    Posted: 18 April 2003 at 3:45pm

Am I correct in that the IP filter only looks at the last connection and not at all the IP's in the header?

As junk mail is often relayed thorugh several proxies and often through notorious regions like China or Korea, I would like to filter all email passing through these regions.

Am I correct in thinking that including keyword filter entries such as

[202.

[218.2.

[218.3.

and so on would do this?

 

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 18 April 2003 at 11:29pm

Yes, you are correct. The reverse DNS and MAPS tests are performed on the actual IP initiating the connection to SpamFilter. Addresses in the headers are ignored in all checks, as they can be easily forged and thus are unreliable.

You are also correct in your possible use of keywords. We have purposely designed the keyword tests so that the smtp headers are checked for keywords, so you can set them up as you wish to filter out msgs based on the headers.

Roberto Franceschetti
LogSat Software

Back to Top
Alan View Drop Down
Guest Group
Guest Group
Post Options Post Options   Thanks (0) Thanks(0)   Quote Alan Quote  Post ReplyReply Direct Link To This Post Posted: 22 April 2003 at 12:46pm

As forged IP addresses in the header are usually an indication of someone trying to conceal the source of the email, wouldn't forged IP's in the header be a good indicator of spam?

Basically I think it would be a good idea if the software would scan ALL the IP address's in a header.  If a spammer sends mail through several legit servers, through a blacklisted server, and then a legit server with an open relay that has now been blacklisted yet, I would bet it's spam and I would like to filter them.

I think this would be very useful.

Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.078 seconds.