Old 22 Feb 2007, 07:10 AM   #10
hadaso
Quote:
Originally posted by robmueller
I won't add ISPs to trusted hosts, since they are actually indirectly the source of most spam with their users on DSL networks with compromised machines. ...
I thought that the "trusted hosts" was just about being able to trust a host to put in correct "Received" headers. So even if an ISP's outgoing SMTP server relays spam sent by broadband subscribers it usually can be trusted to prepend correct "Received" headers to the email it relays.

Anyway, how do you know where to stop accepting "Received" headers? Most forwarders I've seen add several such headers.

Here are headers from mail forwarded by the AMS:
Code:
Received: from ams.org (mail01.ams.org [130.44.1.106])
	by mx2.messagingengine.com (Postfix) with ESMTP id 907F91DE08D
	for <member@myself.123mail.or9>; Tue, 20 Feb 2007 09:53:09 -0500 (EST)
Received: from smtp.ams.org (smtp.ams.org [130.44.1.23])
	by ams.org (Switch-3.2.5/Switch-3.2.5) with ESMTP id l1KErQJm007015
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
	for <myself@member.ams.or9>; Tue, 20 Feb 2007 09:53:27 -0500 (EST)
Received: from narkis.wisdom.weizmann.ac.il (narkis.wisdom.weizmann.ac.il [132.76.80.32])
	by smtp.ams.org (8.12.11.20060308/8.12.11) with ESMTP id l1KEr4Fg006136
	for <myself@member.ams.or9>; Tue, 20 Feb 2007 09:53:05 -0500
The bottom two "Received" headers were added by the AMS.

Here's one from my ISP:
Code:
Received: from omr1.bezeqint.net (omr1.bezeqint.net [192.115.104.8])
	by mx1.messagingengine.com (Postfix) with ESMTP id C7F39A919C
	for <bezeqint@myself.123mail.or9>; Mon, 12 Feb 2007 23:43:39 -0500 (EST)
Received: from mas21.bezeqint.net (mas21.bezeqint.net [192.115.104.151])
	by omr1.bezeqint.net (Bezeq International SMTP out Mail Server) with ESMTP id 968201622D6
	for <bezeqint@myself.123mail.or9>; Tue, 13 Feb 2007 06:43:40 +0200 (IST)
Received: from localhost (localhost [127.0.0.1])
	by mas21.bezeqint.net (MOS 3.7.3a-GA)
	id CQE91258;
	Tue, 13 Feb 2007 06:43:35 +0200 (IST)
Received: from mr5.bezeqint.net (mr5.bezeqint.net [192.115.104.75])
	by mas21.bezeqint.net (MOS 3.7.3a-GA)
	with ESMTP id CQE91213;
	Tue, 13 Feb 2007 06:43:31 +0200 (IST)
Received: from SHIVUK-NET-5 (Hosting-IGLD-192-248.inter.net.il [213.8.192.248] (may be forged))
	by mr5.bezeqint.net (MOS 3.7.5a-GA)
	with SMTP id EIB12155;
	Tue, 13 Feb 2007 06:43:30 +0200 (IST)
Here the forwarder added 4 "Received" headers, so if the forwarder can be trusted, the bottom one shows the originating IP (personally I trust these headers and crop all but the bottom one from spam reported using SpamCop).

And here's one that adds 5 "Received" headers:
Code:
Received: from davar1.openu.ac.il (mailhost-main.openu.ac.il [192.114.2.5])
	by mx2.messagingengine.com (Postfix) with ESMTP id 3A0C71DBDAA
	for <openu@outlook.myself.tld>; Fri, 16 Feb 2007 10:03:21 -0500 (EST)
Received: from TAMAR.openu.local (rimon.openu.ac.il [147.233.6.65])
	by davar1.openu.ac.il (Postfix) with ESMTP id 197C7358827
	for <openu@outlook.myself.tld>; Fri, 16 Feb 2007 17:03:11 +0200 (IST)
Received: from metate.openu.ac.il ([147.233.197.30]) by TAMAR.openu.local
         with Microsoft SMTPSVC(6.0.3790.1830);
	 Fri, 16 Feb 2007 17:03:45 +0200
Received: from madrid.openu.ac.il (mailhost-main.openu.ac.il) by metate.openu.ac.il
 (Clearswift SMTPRS 5.2.5) with SMTP id <T7dd7ec2d7a93e9c51e9f8@metate.openu.ac.il>
 for <me@openu.ac.i1>; Fri, 16 Feb 2007 17:04:51 +0200
Received: from davar1.openu.ac.il (davar1.openu.ac.il [192.114.2.5])
	by madrid.openu.ac.il (8.12.11.20060308/8.12.11) 
        with ESMTP id l1GF29jU001194
	for <me@openu.ac.i1>; Fri, 16 Feb 2007 17:02:21 +0200
Received: from server2.kcsnet.net (kcsnet2.spd.co.il [212.199.125.71])
	by davar1.openu.ac.il (Postfix) with ESMTP id 0A1EF35882D
	for <me@openu.ac.i1>; Fri, 16 Feb 2007 17:02:14 +0200 (IST)
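An added example, not part of the original post and not code from any mail provider mentioned in it: one way to decide where to stop accepting "Received" headers is to walk them newest-first and follow the chain only while each hand-off IP belongs to a relay you trust. The `FORWARDER` list and the function names are assumptions, and the sample is the ISP chain from the post, abridged.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: the ISP chain quoted in the post, abridged and refolded.
SAMPLE = """\
Received: from omr1.bezeqint.net (omr1.bezeqint.net [192.115.104.8])
 by mx1.messagingengine.com (Postfix) with ESMTP id C7F39A919C
Received: from mas21.bezeqint.net (mas21.bezeqint.net [192.115.104.151])
 by omr1.bezeqint.net (Bezeq International SMTP out Mail Server) with ESMTP
Received: from localhost (localhost [127.0.0.1])
 by mas21.bezeqint.net (MOS 3.7.3a-GA) id CQE91258
Received: from mr5.bezeqint.net (mr5.bezeqint.net [192.115.104.75])
 by mas21.bezeqint.net (MOS 3.7.3a-GA) with ESMTP id CQE91213
Received: from SHIVUK-NET-5 (Hosting-IGLD-192-248.inter.net.il [213.8.192.248] (may be forged))
 by mr5.bezeqint.net (MOS 3.7.5a-GA) with SMTP id EIB12155
Subject: constructed test message

body
"""

# Assumption: the forwarder relays we choose to trust, taken from the sample.
FORWARDER = ["192.115.104.8", "192.115.104.151", "192.115.104.75"]
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(received):
    """IP in the 'from' clause: the peer as seen by the host that stamped it."""
    from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
    m = IP_IN_BRACKETS.search(from_clause)
    return ipaddress.ip_address(m.group(1)) if m else None

def first_untrusted_ip(raw_message, trusted):
    """Walk newest-first; the top header was stamped by our own MX."""
    nets = [ipaddress.ip_network(t) for t in trusted]
    for received in message_from_string(raw_message).get_all("Received", []):
        ip = handoff_ip(received)
        if ip is None:
            return None        # hop recorded no IP: chain cannot be verified
        if ip.is_loopback or any(ip in n for n in nets):
            continue           # next header down was written by a trusted relay
        return str(ip)         # headers below this one are unverified claims
    return None

if __name__ == "__main__":
    print(first_untrusted_ip(SAMPLE, FORWARDER))  # forwarder trusted
    print(first_untrusted_ip(SAMPLE, []))         # nothing trusted
```

Because the walk stops at the first hand-off from an untrusted address, any "Received" lines a sender injects below that point never influence the result.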