You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Nick I <ni...@gmail.com> on 2014/06/05 14:01:55 UTC
Sub-test only for first ip
Hi
Can someone let me know which sub-test can i use to check only 1st real ip
addess (68.142.230.77) from this header against rbl dns server?
Received: from server (server
[1.1.1.1]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No
client certificate requested) by server2 (MTA) with ESMTPS
for <user>; Wed, 4 Jun 2014 21:49:22 +0000 (UTC)
Received: from nm20.bullet.mail.bf1.yahoo.com ([98.139.212.179]) by
server ([2.2.2.2]) with ESMTPS id 125F946210C00DS4013;
Wed, 04 Jun 2014 17:49:22 -0400
Received: from [98.139.212.151] by nm20.bullet.mail.bf1.yahoo.com with
NNFMP;
04 Jun 2014 21:49:22 -0000
Received: from [68.142.230.77] by tm8.bullet.mail.bf1.yahoo.com with NNFMP;
04
Jun 2014 21:49:22 -0000
Received: from [127.0.0.1] by smtp234.mail.bf1.yahoo.com with NNFMP; 04 Jun
2014 21:49:22 -0000
Thanks.
Re: Sub-test only for first ip
Posted by RW <rw...@googlemail.com>.
On Thu, 5 Jun 2014 15:01:55 +0300
Nick I wrote:
> Hi
>
> Can someone let me know which sub-test can i use to check only 1st
> real ip addess (68.142.230.77) from this header against rbl dns
> server?
>
Why would you want to? It appears to be the address of a Yahoo
webmail server.
In general spammers are free to add any received headers they like, so
the first (originating) public IP address can be anything outside your
trusted network.
> Received: from server (server
> [1.1.1.1]) (using TLSv1 with cipher AES256-SHA (256/256 bits))
> (No client certificate requested) by server2 (MTA) with ESMTPS
> for <user>; Wed, 4 Jun 2014 21:49:22 +0000 (UTC)
>
> Received: from nm20.bullet.mail.bf1.yahoo.com ([98.139.212.179]) by
> server ([2.2.2.2]) with ESMTPS id 125F946210C00DS4013;
> Wed, 04 Jun 2014 17:49:22 -0400
>
> Received: from [98.139.212.151] by nm20.bullet.mail.bf1.yahoo.com with
> NNFMP;
> 04 Jun 2014 21:49:22 -0000
>
> Received: from [68.142.230.77] by tm8.bullet.mail.bf1.yahoo.com with
> NNFMP; 04
> Jun 2014 21:49:22 -0000
>
> Received: from [127.0.0.1] by smtp234.mail.bf1.yahoo.com with NNFMP;
> 04 Jun 2014 21:49:22 -0000