When to use a Rejected Mailhosts filter instead of a Sender/domain filter in Antigen (905962)


The information in this article applies to:

  • Sybari Antigen 8.0 for Microsoft Exchange
  • Sybari Antigen 8.0 for SMTP Gateways
  • Sybari Antigen 7.5 for Microsoft Exchange
  • Sybari Antigen 7.5 for SMTP Gateways

INTRODUCTION

This article describes when you should use a Rejected Mailhosts filter instead of a Sender/domain filter.

MORE INFORMATION

You should use a Rejected Mailhosts filter in the following scenarios:
  • The sender is continually changing.
  • The sender is spoofed.
In all other scenarios, use a Sender/domain filter.

Before you configure the Rejected Mailhosts filter, examine the header information of the SMTP message. When you configure the Rejected Mailhosts filter, you use the text from the "Received: from" line in the header information. The following examples show how the "Received: from" line appears in header information:

Received: from 902.211.48.69 (487.912.192.413 [487.912.192.413]) by server_name1.net with SMTP (Microsoft Exchange Internet Mail Service Version 0.0.1234.12) id L54JBBQS; Sat, 5 Apr 2003 00:11:03 +0600

Received: fromserver_name1.net ([903.666.167.183]] by 902.211.48.69 id JE96UEs2D1u0;
Sat, 5 Apr 2003 00:15:03 +0600
Message-ID: <8-l99f$0bac@com> X-Sybari-Space: 00000000 00000000 00000000 00000000
From: "Mom"
To: worldwidesupport@domain name.com
Cc:
Subject: Rejected Mailhosts filter over the Sender-Domain filter
Date: Sat, 5 Apr 2003 16:13:14 -0400

You can add an IP address or a domain name to the Rejected Mailhosts filter list. If you select the Perform reverse DNS lookup check box in the General Options work panel, Antigen can match an IP address in the header information of an SMTP message against a domain name in the Rejected Mailhosts filter list.

Antigen examines each public IP address in the header information of an SMTP message. Antigen will continue the scanning process if the IP addresses in the header information do not match any entries in the Rejected Mailhosts filter lists.

Note Antigen examines only the number of IP addresses that is configured in the Maximum RBL Lookups box in the General Options work panel.

The scanning process includes the following processes:
  • Sender/domain filtering
  • Subject line filtering
  • Keyword filtering
  • File filtering
  • Virus/worm scanning
Modification Type:MinorLast Reviewed:10/5/2005
Keywords:kbtshoot KB905962
©2004 Microsoft Corporation. All rights reserved.