Quote:
Originally posted by macquigg I don't understand what you mean by "mark reciept of the mail twice .. from different IP addresses". There is only one IP address in the three header lines I added - 64.191.210.175. In this example, authentication is done when we first get the request for a mail session: HELO this is pco-iraq.net, transmitting from 64.191.210.175 in the heart of sunny Baghdad  . At this point no messages have been received. If pco-iraq.net is forged, we reject the entire session.
|
I was reading it wrong...
I missed pavo.pco-iraq.net versus CANCER.pco-iraq.net.
Quote:
X-SpamScore: -14.0
Received: from CANCER.pco-iraq.net (cancer.pco-iraq.net [64.191.210.175]) by
open-mail.org (8.13.1/8.13.1) with ESMTP id kAGBKtIf002229 for
<xxx@box67.com>; Thu, 16 Nov 2006 06:20:57 -0500
X-Authent: 64.191.210.175 pco-iraq.net PTR1 PASS ratings=(2,9,None) <=====
Received: from pavo.pco-iraq.net ([64.191.210.183]) by CANCER.pco-iraq.net
with Microsoft SMTPSVC(6.0.3790.1830); Thu, 16 Nov 2006 14:22:16 +0300
Received: from FORNAX.pco-iraq.net ([172.16.5.106]) by pavo.pco-iraq.net with
Microsoft SMTPSVC(6.0.3790.1830); Thu, 16 Nov 2006 14:20:52 +0300
|
The experts are right, but not because of any RFC. Where you put the header there is no way for a down stream processor to tell for SURE if it was added by CANCER.pco-iraq.net or by open-mail.org.
If you prepend the header above your received line, then if open-mail.org is trusted by the downstream processor it can rely on the fact that a trusted MTA added the header. Sorry I missed it the first time.
If you are using a Sendmail milter to do your processing, from what little I know about milters, you can control where it puts the header. I'm working on a similar prepend issue right now and with a Postfix policy service I have to make sure I only prepend once per message and not once per recipient when doing processing after rcpt to. I don't know if that's an issue for milters or not.