Blacklist checking of all mail server in mail header

Discussion forum for Enterprise Edition.
jonkers
Posts: 8
Joined: Thu Dec 19, 2013 10:21 pm
Location: Brisbane

Post by jonkers »

Hi,

I currently don't run MailEnable, but I have shortlisted it as our future mail server. I have a question regarding its ability to block incoming SPAM.

Can MailEnable check all mail servers involved with the delivery of an email against an RBL, or not? I have included a header below which we received into our Inbox. When checking one of the originating mail servers (bolded), I found that it was blacklisted, and would have been blocked by our existing RBL settings if it was actually checked. Could MailEnable detect this as spam?

Sorry about quoting the text, but bold didn't appear to show using a code block.

Regards,

Dale.

X-DN-ReceivedFileId: 14b34a75d09_YL4H_13e9-1.eml
X-DN-Spam-Bayesan-Probability: 0
Delivered-To: mark@mjm.com.au
X-DN-AuthorizedIP: RKUCAUJ4FHCHNRKARF3X4UCJNPJEXNYH-mms0XLvvWdAIS8nXc
    b5vmZ2eDv8lGLsEF/lObjbTb+g=---
Return-Path: <jonathan2014m@mail.com>
Received: from vmcp15.digitalpacific.com.au ([101.0.112.4])
    by mx.martinjonkersmotors.com.au (DeskNow) with SMTP ID 852
    for <mark@mjm.com.au>;
    Wed, 4 Feb 2015 09:31:54 +1000 (EST)
Received: from hosting.sewiwi.com ([103.11.134.181]:42585)
    by vmcp15.digitalpacific.com.au with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
    (Exim 4.84)
    (envelope-from <jonathan2014m@mail.com>)
    id 1YImwj-000KUN-NV
    for mark@mjm.com.au; Wed, 04 Feb 2015 10:31:53 +1100
Received: from static-mum-120.63.251.105.mtnl.net.in ([120.63.251.105]:16428 helo=User)
    by hosting.sewiwi.com with esmtpa (Exim 4.84)
    (envelope-from <jonathan2014m@mail.com>)
    id 1YImuc-0001Dz-GZ; Wed, 04 Feb 2015 06:29:42 +0700
Reply-To: <barrokekembah1@mail15.com>
From: "Barrister Mbah Okeke"<jonathan2014m@mail.com>
Subject: Congratulation, At last your Payment is made.
Date: Wed, 4 Feb 2015 04:59:03 +0530
MIME-Version: 1.0
Content-Type: text/plain;
    charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - hosting.sewiwi.com
X-AntiAbuse: Original Domain - mjm.com.au
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - mail.com
X-Get-Message-Sender-Via: hosting.sewiwi.com: authenticated_id: sales@nestadvance.com
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - vmcp15.digitalpacific.com.au
X-AntiAbuse: Original Domain - mjm.com.au
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - mail.com
X-Get-Message-Sender-Via: vmcp15.digitalpacific.com.au: mailgid no entry from get_relayhosts_entry

Re: Blacklist checking of all mail server in mail header

Post by jonkers »

On doing some more research, I believe what I'm after is deep header parsing. Does MailEnable do this to prevent spam?

Regards,

Dale.

Re: Blacklist checking of all mail server in mail header

Post by jonkers »

Hi,

Does anyone know if MailEnable v9 spam checking is going to be improved to check relay servers?

Regards,

Dale.

kiamori
Posts: 334
Joined: Wed Nov 04, 2009 1:39 am

Re: Blacklist checking of all mail server in mail header

Post by kiamori »

This is a very bad idea as all of the header below the top line can be spoofed and many spam bots will spoof much of this data to get past stuff like that.

The best way to filter is to have several DNSBLs and URLBLs, set up SpamAssassin as well as some custom filter rules, and the auto-learning Bayes filter. ME9 will fix greylisting to be much more functional for production use.

Re: Blacklist checking of all mail server in mail header

Post by jonkers »

I can't see why it's a very bad idea, forgetting about it being spoofed, as that can be addressed too.
Part of my problem is I also use an offsite backup mail server to collect emails if our onsite mail server is down. The offsite mail server is unable to filter emails anywhere near as well as I can onsite, so it's effectively working as a relay server and buffering our server. Now if I could apply the same mail filtering rules (RBL, SPF, etc) to all mail servers in the email header, then I should be able to have the same level of filtering no matter where the email came from.
In regards to the spoofing, I have seen emails with spoofed headers saying it originally came from us, but on closer inspection of the header, the IP address for us would fail an SPF check.
Checking all servers listed in the header may not be fail-safe, but it would at least be another step to slowing SPAM. Even if a SPAM bot spoofs the header, there should still be a record in the header from where the email was originally sent from captured by the original email server. If all the mail servers in the header were processed, it should make RBLs more effective too as I imagine that originating sources could be targeted better.
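
An added example, not part of the thread and not MailEnable code: a Python sketch of the header check discussed above, which walks the Received chain newest-first and only believes a hop while every hop above it was recorded by infrastructure you trust, so a backup MX can be looked through without relying on spoofable lower headers. The hostnames, the documentation-range IPs, the `dnsbl.example` zone and the `is_listed` lookup callback are all assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed message (documentation IP ranges); newest Received header first.
RAW = """\
Received: from backup-mx.example.net ([198.51.100.7])
\tby mx.example.org with SMTP; Wed, 4 Feb 2015 09:31:54 +1000
Received: from relay.example.com ([203.0.113.20]:42585)
\tby backup-mx.example.net with esmtps; Wed, 4 Feb 2015 10:31:53 +1100
Received: from client.example ([192.0.2.99]:16428 helo=User)
\tby relay.example.com with esmtpa; Wed, 4 Feb 2015 06:29:42 +0700
Subject: constructed test message

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\(.*?\[([0-9.]+)\].*?\)\s+by\s+([^\s;]+)", re.S)

def received_hops(raw):
    """Return (from_host, from_ip, by_host) for each Received header, newest first."""
    msg = email.message_from_string(raw)
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groups() for m in found if m]

def first_external_ip(hops, trusted_relays):
    """Newest-first walk: a header is only believable while every hop above it
    was recorded by our own server or by a relay whose IP we trust."""
    nets = [ipaddress.ip_network(n) for n in trusted_relays]
    for _from_host, ip, _by_host in hops:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in nets):
            return ip      # handed to trusted infrastructure by an outsider
    return None            # message never left trusted relays

def dnsbl_name(ip, zone):
    """DNSBL query name for an IPv4 address: reversed octets plus the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def check_message(raw, trusted_relays, zone, is_listed):
    """is_listed(name) -> bool stands in for the DNS A lookup so this runs offline."""
    ip = first_external_ip(received_hops(raw), trusted_relays)
    return ip, bool(ip) and is_listed(dnsbl_name(ip, zone))
```

With the backup MX listed as trusted, the address checked is the one that connected to the backup MX; hops recorded by third-party servers further down are never consulted.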
