Community Discussions and Support
X-Originating-IP: Header

> You have made me wonder about whether I could extract the connecting
> IP address from (presumably) the Mercury log.

The log does have the IP addresses of the connecting host.

T 20110501 000410 4d9fbdca Connection from 62.20.118.73
T 20110501 000411 4d9fbdca EHLO mail.praktit.se
T 20110501 000411 4d9fbdca MAIL FROM:<NoReply@praktit.se> SIZE=4291
T 20110501 000412 4d9fbdca RCPT TO:<support@tstephenson.com>
T 20110501 000412 4d9fbdca DATA
T 20110501 000413 4d9fbdca DATA - 69 lines, 4397 bytes.
T 20110501 000413 4d9fbdca QUIT

That said, I use POPFile and POPFileD for spam and this is 99.97 percent effective.  I move the spam to a spam account that I check every so often so my false positive rate is zero.

&amp;gt; You have made me wonder about whether I could extract the connecting &amp;gt; IP address from (presumably) the Mercury log. The log does have the IP addresses of the connecting host. T 20110501 000410 4d9fbdca Connection from 62.20.118.73 T 20110501 000411 4d9fbdca EHLO mail.praktit.se T 20110501 000411 4d9fbdca MAIL FROM:&amp;lt;NoReply@praktit.se&amp;gt; SIZE=4291 T 20110501 000412 4d9fbdca RCPT TO:&amp;lt;support@tstephenson.com&amp;gt; T 20110501 000412 4d9fbdca DATA T 20110501 000413 4d9fbdca DATA - 69 lines, 4397 bytes. T 20110501 000413 4d9fbdca QUIT That said, I use POPFile and POPFileD for spam and this is 99.97 percent effective.&amp;nbsp; I move the spam to a spam account that I check every so often so my false positive rate is zero.

If I send a message from an external account to my Mercury server via my ISP, using Mercury D, the message shows a X-Originating-IP: header.  However, if I send a message from the same external account directly to my Mercury S server, no X-Originating-IP:is visible.  Could someone explain why this happens.

Thank you

Gordon

&lt;P&gt;If I send a message from an external account to my Mercury server via my ISP, using Mercury D, the message shows a X-Originating-IP: header.&amp;nbsp; However, if I send a message from the same external account directly to my Mercury S server, no X-Originating-IP:is visible.&amp;nbsp; Could someone explain why this happens.&lt;/P&gt; &lt;P&gt;Thank you&lt;/P&gt; &lt;P&gt;Gordon&lt;/P&gt;

> If I send a message from an external account to my Mercury server via my ISP, using Mercury D, the message shows a X-Originating-IP: header.
>  However, if I send a message from the same external account directly to my Mercury S server, no X-Originating-IP:is visible.  Could someone
> explain why this happens.

Your ISP does this otherwise the original SMTP connecting IP address would not be available when downloading from the POP3 account; MercuryS logs the original IP address and so it's not necessary to pass on in the message.   For my own amazement are you using this for anything?

&amp;gt; If I send a message from an external account to my Mercury server via my ISP, using Mercury D, the message shows a X-Originating-IP: header. &amp;gt;&amp;nbsp; However, if I send a message from the same external account directly to my Mercury S server, no X-Originating-IP:is visible.&amp;nbsp; Could someone &amp;gt; explain why this happens. Your ISP does this otherwise the original SMTP connecting IP address would not be available when downloading from the POP3 account; MercuryS logs the original IP address and so it&#039;s not necessary to pass on in the message.&amp;nbsp;&amp;nbsp; For my own amazement are you using this for anything?

Thank you, Thomas.  

 Although I use Mercury S for some mail, for most things I use my ISP and, as you indicated, with a POP3 connection. 

Although the X-Originating IP header might not be totally reliable, I use it as part of my anti-SPAM strategy.  In fact messages via my ISP sometimes show more than one X-Originating IP headers, but this is easy to sort out.  I reject all mail addressed to my personal addresses that comes from any country other than Canada, US, UK and Australia, unless a specific address has been whitelisted.  To do this, I look up the IP address to determine the country of origin.  This is not totally foolproof, but it works pretty well and probably gets rid of 90% of the SPAM.  For the remainder, I check two of the more reliable DNSBLs.

I don't use the X-Originating IP header for "commercial" mail, as each of my commercial contacts has been assigned a different e-mail address (my ISPs call these "disposable addresses").  When any of these addresses get compromised, I just change them for the specific commercial contact.  This has rarely happened.

You have made me wonder about whether I could extract the connecting IP address from (presumably) the Mercury log.

I know that there are other ways for dealing with SPAM, but this works well for me and the X-Originating IP header is a key part.  This all started when I only used my ISP as my mail source and some of the SPAM-fighting tools were not applicable (e.g. Graywall).

Gordon

&lt;P&gt;Thank you, Thomas.&amp;nbsp;&amp;nbsp;&lt;/P&gt; &lt;P&gt;&amp;nbsp;Although I use Mercury S for some mail, for most things I use my ISP and, as you indicated, with a POP3 connection.&amp;nbsp; &lt;/P&gt; &lt;P&gt;Although the X-Originating IP header might not be totally reliable, I use it as part of my anti-SPAM strategy.&amp;nbsp; In fact messages via my ISP sometimes show more than one X-Originating IP headers, but this is easy to sort out.&amp;nbsp; I reject all mail addressed to my personal addresses that comes from any country other than Canada, US, UK and Australia, unless a specific address has been whitelisted.&amp;nbsp; To do this, I look up the IP address to determine the country of origin.&amp;nbsp; This is not totally foolproof, but it works pretty well&amp;nbsp;and probably gets rid of 90% of the SPAM.&amp;nbsp; For the remainder, I check two of the more reliable DNSBLs.&lt;/P&gt; &lt;P&gt;I don&#039;t use the X-Originating IP header for &quot;commercial&quot; mail, as each of my commercial contacts has been assigned a different e-mail address (my ISPs call these &quot;disposable addresses&quot;).&amp;nbsp; When any of these addresses get compromised, I just change them for the specific commercial contact.&amp;nbsp; This has rarely happened.&lt;/P&gt; &lt;P&gt;You have made me wonder about whether I could extract the connecting IP address from (presumably) the Mercury log.&lt;/P&gt; &lt;P&gt;I know that there are other ways for dealing with SPAM, but this works well for me and the X-Originating IP header is a key part.&amp;nbsp; This all started when I only used my ISP as my mail source and some of the SPAM-fighting tools were not applicable (e.g. Graywall).&lt;/P&gt; &lt;P&gt;Gordon&lt;/P&gt;
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft