[AMaViS-user] header sanity

Hi there,

I was wondering what amavisd-new does exactly to ensure Received
header sanity.

For example if I look at my logs I see
" Passed SPAM, [80.92.69.56] [77.87.224.34] "
The first IP is the one delivering to my MX, so it can be trusted. The
second IP is the IP from the first host (i.e. last Received: header)
in the mail.

Now the headers (the relevant ones) look like:

.....
X-ClientAddr: 217.95.30.242
Received: from pD95F1EF2.dip0.t-ipconnect.de (pD95F1EF2.dip0.t-
ipconnect.de [217.95.30.242])
by hosting1.xxxxx (8.13.1/8.13.1) with SMTP id m417cnVV001458
for <a...
<http://groups.google.com/groups/unlock?msg=21bb0850fef12f06&_done=/group/mailing.unix.amavis-user/browse_thread/thread/67e5563fef019546>@gum.lu>;
Thu, 1 May 2008 09:38:51 +0200
Received: from 77.87.224.34 (HELO mx1.bund.de)
by gum.lu with esmtp ({nChar[8-12]} {nChar[4-6]})
id LtyEyr-Gj2Ogl-zk
for a...
<http://groups.google.com/groups/unlock?msg=21bb0850fef12f06&_done=/group/mailing.unix.amavis-user/browse_thread/thread/67e5563fef019546>@gum.lu;
Thu, 01 May 2008 09:39:18 +0200
[end of headers]

Obviously the IP 77.87.224.34 is a fake since the "from" line in the
upper header has nothing to do with the " by" line in the lower
header. (I would have liked to see [217.95.30.242] as the second log
entry, or simply an empty entry if it was not sure.)

If I feed such mails to spamcop they recognize the fraud, but I guess
amavis (still?) doesn't.

Best regards,
Marc

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/