You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Nick I <ni...@gmail.com> on 2014/06/05 14:01:55 UTC

Sub-test only for first ip

Hi

Can someone let me know which sub-test can i use to check only 1st real ip
addess (68.142.230.77) from this header against rbl dns server?

Received: from server (server
 [1.1.1.1])    (using TLSv1 with cipher AES256-SHA (256/256 bits))    (No
 client certificate requested)    by server2 (MTA) with ESMTPS
    for <user>; Wed,  4 Jun 2014 21:49:22 +0000 (UTC)

Received: from nm20.bullet.mail.bf1.yahoo.com ([98.139.212.179])    by
 server ([2.2.2.2])    with ESMTPS id 125F946210C00DS4013;
    Wed, 04 Jun 2014 17:49:22 -0400

Received: from [98.139.212.151] by nm20.bullet.mail.bf1.yahoo.com with
NNFMP;
 04 Jun 2014 21:49:22 -0000

Received: from [68.142.230.77] by tm8.bullet.mail.bf1.yahoo.com with NNFMP;
04
 Jun 2014 21:49:22 -0000

Received: from [127.0.0.1] by smtp234.mail.bf1.yahoo.com with NNFMP; 04 Jun
 2014 21:49:22 -0000

Thanks.

Re: Sub-test only for first ip

Posted by RW <rw...@googlemail.com>.

On Thu, 5 Jun 2014 15:01:55 +0300
Nick I wrote:

> Hi
> 
> Can someone let me know which sub-test can i use to check only 1st
> real ip addess (68.142.230.77) from this header against rbl dns
> server?
>

Why would you want to? It appears to be the address of a Yahoo
webmail server. 


In general spammers are free to add any received headers they like, so
the first (originating) public IP address can be anything outside your
trusted network.


 
> Received: from server (server
>  [1.1.1.1])    (using TLSv1 with cipher AES256-SHA (256/256 bits))
> (No client certificate requested)    by server2 (MTA) with ESMTPS
>     for <user>; Wed,  4 Jun 2014 21:49:22 +0000 (UTC)
> 
> Received: from nm20.bullet.mail.bf1.yahoo.com ([98.139.212.179])    by
>  server ([2.2.2.2])    with ESMTPS id 125F946210C00DS4013;
>     Wed, 04 Jun 2014 17:49:22 -0400
> 
> Received: from [98.139.212.151] by nm20.bullet.mail.bf1.yahoo.com with
> NNFMP;
>  04 Jun 2014 21:49:22 -0000
> 
> Received: from [68.142.230.77] by tm8.bullet.mail.bf1.yahoo.com with
> NNFMP; 04
>  Jun 2014 21:49:22 -0000
> 
> Received: from [127.0.0.1] by smtp234.mail.bf1.yahoo.com with NNFMP;
> 04 Jun 2014 21:49:22 -0000