Microsoft KB Archive/905962

= When to use a Rejected Mailhosts filter instead of a Sender/domain filter in Antigen =

Article ID: 905962

Article Last Modified on 2/27/2007

-

APPLIES TO


 * Sybari Antigen 8.0 for Microsoft Exchange
 * Sybari Antigen 8.0 for SMTP Gateways
 * Sybari Antigen 7.5 for Microsoft Exchange
 * Sybari Antigen 7.5 for SMTP Gateways

-





INTRODUCTION
This article describes when you should use a Rejected Mailhosts filter instead of a Sender/domain filter.



MORE INFORMATION
You should use a Rejected Mailhosts filter in the following scenarios:
 * The sender is continually changing.
 * The sender is spoofed.

In all other scenarios, use a Sender/domain filter.

Before you configure the Rejected Mailhosts filter, examine the header information of the SMTP message. When you configure the Rejected Mailhosts filter, you use the text from the “Received: from” line in the header information. The following examples show how the “Received: from” line appears in header information:

Received: from 902.211.48.69 (487.912.192.413 [487.912.192.413]) by .net with SMTP (Microsoft Exchange Internet Mail Service Version 0.0.1234.12) id L54JBBQS; Sat, 5 Apr 2003 00:11:03 +0600

Received: from .net ([903.666.167.183]] by 902.211.48.69 id JE96UEs2D1u0;

Sat, 5 Apr 2003 00:15:03 +0600

Message-ID: <8-l99f$0bac@com> X-Sybari-Space: 00000000 00000000 00000000 00000000

From: &quot;Mom&quot;

To: worldwidesupport@ .com

Cc:

Subject: Rejected Mailhosts filter over the Sender-Domain filter

Date: Sat, 5 Apr 2003 16:13:14 -0400

You can add an IP address or a domain name to the Rejected Mailhosts filter list. If you select the Perform reverse DNS lookup check box in the General Options work panel, Antigen can match an IP address in the header information of an SMTP message against a domain name in the Rejected Mailhosts filter list.

Antigen examines each public IP address in the header information of an SMTP message. Antigen will continue the scanning process if the IP addresses in the header information do not match any entries in the Rejected Mailhosts filter lists.

Note Antigen examines only the number of IP addresses that is configured in the Maximum RBL Lookups box in the General Options work panel.

The scanning process includes the following processes:
 * Sender/domain filtering
 * Subject line filtering
 * Keyword filtering
 * File filtering
 * Virus/worm scanning

Additional query words: mail host mailhost

Keywords: kbtshoot KB905962

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.