Imail 8 Spam / Blacklist help, header modification???

Status
Not open for further replies.

freekfly

MIS
Feb 11, 2004
2
US

Here's my story.....just upgraded to imail 8 and it works great. Enabled DNS Blacklists, Statistical and phrase filtering. Here's where it gets dicey....

Here is how mail flows into my imail server. It first gets accepted by Sophos MailMonitor. This answers all SMTP requests and accepts mail into its queue. Then it scans it with Sophos anti virus and does a VERY nice job at it. Once it determines it's clean, it sends it over to Imail (which is on the same server). Imail gets the message and does its thing. Stat and phrase filtering work great, insert the X headers as such, but the issue comes with the DNS blacklists. The first line of my header is as follows:

Received: from spaceball [127.0.0.1] by freekfly.com with ESMTP
(SMTPD32-8.05) id AC60600002A; Wed, 11 Feb 2004 10:38:08 -0500
Received: from mail.tecumsehgroup.com ([216.45.19.20])
by spaceball (MailMonitor for SMTP v1.2.0 ) ;

So the DNS blacklist is just looking up my localhost (127.0.0.1) the whole time and never checks the actual sending server 216.45.19.20.

So I've been trying to figure out how to strip that first line from the header either on the sophos side or on the imail side so that imail anti spam can deal with it and do the proper lookup against blacklists.

Maybe I could configure the blacklist call to skip over 127 addresses? Hmmm......another idea to try. Any help on this one? Please let me know if you need more detail.

Thanks,

Brian
 
Brian,
Can't. That's the short answer. The reason is because Mail monitor is accepting the mail first. I have the same issue as I am running ASSP (assp.sourceforge.net) and imail. I think Declude junkmail had an option to overlook the 127.0.0.1 header and do DNSBL checks against the sending servers.

However, I recommend moving imail to a different machine altogether and set up ASSP on port 125 and have MailMonitor forward to ASSP.
ASSP is a Bayesian spam filter, takes about a week for it to learn, doesn't use DNSBL, but instead uses a greylist, and it's free!

Recommended Setup:

MailMonitor(25) > ASSP(125) > imail(25 on private network)
Or
ASSP(25) > MailMonitor(125) > imail(25 on private network)

ASSP can block attachments, thus reducing the load MailMonitor has to do.

Scott Heath
AIM: orange7288
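
The approach discussed in the two posts above (skip the 127.0.0.1 hop and run the DNSBL lookup against the real sending server), as an added Python example; it is not code from either poster or from IMail, Declude or MailMonitor. The function names and the zone `dnsbl.example.org` are placeholders, and the sample headers are the two Received lines from the first post, unfolded.

```python
import ipaddress
import re
import socket

# Constructed sample: the two Received lines quoted in the thread, unfolded.
SAMPLE_RECEIVED = [
    "from spaceball [127.0.0.1] by freekfly.com with ESMTP (SMTPD32-8.05) "
    "id AC60600002A; Wed, 11 Feb 2004 10:38:08 -0500",
    "from mail.tecumsehgroup.com ([216.45.19.20]) by spaceball "
    "(MailMonitor for SMTP v1.2.0 ) ;",
]
_BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def sending_ip(received, trusted_hops=()):
    """First relay IP, newest header first, that is not a local or trusted hop.

    Headers below the returned hop are sender-controlled and never consulted.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_hops]
    for header in received:
        # Look only at the "from" clause, not the receiving host after "by".
        from_part = re.split(r"\sby\s", header, maxsplit=1)[0]
        match = _BRACKETED_IP.search(from_part)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:  # malformed literal such as [999.1.1.1]
            continue
        if ip.is_loopback or ip.is_private or any(ip in n for n in trusted):
            continue
        return ip
    return None

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reversed IPv4 octets prepended to the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def is_listed(ip, zone, resolve=socket.gethostbyname):
    """True when the DNSBL answers with a 127.x.x.x record for this IP."""
    try:
        return resolve(dnsbl_query_name(ip, zone)).startswith("127.")
    except socket.gaierror:  # no record (or resolver failure): not listed
        return False

if __name__ == "__main__":
    print(dnsbl_query_name(sending_ip(SAMPLE_RECEIVED), "dnsbl.example.org"))
```

Pass any other internal relays as CIDR strings in `trusted_hops` so the walk continues past them to the first hop recorded by your own front end.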
 

Thanks Scott,

I actually did look at ASSP before going this route. However I figured that I would just upgrade to iMail 8 since it had the anti-spam built in. It's doing a pretty good job so far on phrase filtering and URL Domain BL. But there is still some left to improve.

Anywhoo, my real goal here is to have the ability to check against the black lists that are out there, and with ASSP you can't do that? So I don't really see a need to switch I guess.

The other thing that I would say after doing some more searching.....is ideally what I would like to find is a program out there that would answer an SMTP request and modify the header which would just pass it through.....anyone know of anything like that out there?

Thanks for your help!

-Brian
 
Black lists have a higher false positive rate than the Bayesian filters, that's the reason ASSP doesn't use black lists. Black lists are generally fairly broad blocks, that's why I recommend against them. However, I do recommend running your own black list if needed. For example, I don't do business/get e-mail from Asia, thus any IP in APNIC is blocked.

Scott Heath
AIM: orange7288
 