SMTP IP / blocklist question

Red Squirrel

When a spam filter (ex: RBL check) checks an IP, where does it get the IP from? Does it get it from the email headers? If yes, isn't that kinda counterproductive, since that's easy to spoof?

Also, I noticed that when users send email through an SMTP, sometimes other SMTP servers will check the IP of the SMTP itself; other times they will check the IP of the user who sent the mail. Why is this?
 

Crusty

You aren't blocking people creating and sending emails, you are blocking mail servers that are known to be open relays or to have relayed spam in the past. There is no 100% way for you to know the IP address of where the email originated from, so you can only identify the last MTA before it hits your server. There might be some filters that look through the headers for known spammers' IPs and such, but that's not a reliable way of doing it.

Every time a message hits a new MTA on the way to your server, they should be adding information to the headers of the email, and that's the only place the IP of the sender will be preserved, because once that TCP/IP packet is received by that MTA, the IP information embedded in the packet header will not be preserved in further network transmissions.
 

Red Squirrel

Yeah, that makes more sense, though I see a lot of times where someone can't send mail because their home IP is in a blacklist - not the SMTP, which is odd. Like for example my sister tried to send a mail to us, normally it works, but this time my spam filter caught it because her home IP was in Spamhaus, but shouldn't my filter be checking the SMTP's IP instead? I've seen other filters do that, not just mine.
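
Added example, not part of the thread and not any particular filter's code: a Python sketch of the two places a filter can take an IP from, the peer address of the SMTP connection and the `Received` headers, and how each becomes a DNSBL query name. The message, the addresses (documentation ranges) and the zone `dnsbl.example` are constructed; the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample message. MTAs prepend Received headers, so the top
# one was written by the receiving server; lower ones are sender-supplied.
RAW = """\
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
\tby mx.recipient.example with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from home-pc (unknown [203.0.113.77])
\tby relay.isp.example with ESMTPA; Mon, 1 Jan 2024 10:00:01 +0000
Received: from forged.invalid (forged.invalid [192.0.2.200])
\tby nowhere.invalid with SMTP; Mon, 1 Jan 2024 09:59:00 +0000
From: sister@isp.example
To: me@recipient.example
Subject: hello

hi
"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def dnsbl_name(ip, zone="dnsbl.example"):
    """A DNSBL lookup reverses the IPv4 octets and appends the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def received_ips(raw):
    """Bracketed IPs from Received headers, newest hop first."""
    msg = message_from_string(raw)
    hits = (BRACKETED_IP.search(h) for h in msg.get_all("Received", []))
    return [m.group(1) for m in hits if m]

def candidates(peer_ip, raw, deep=False):
    """IPs a filter would look up.

    peer_ip comes from the TCP connection to our server, so message
    headers cannot change it. With deep=True every header hop is added,
    including ones written by machines we do not control.
    """
    ips = [peer_ip]
    if deep:
        ips += [ip for ip in received_ips(raw) if ip not in ips]
    return ips

if __name__ == "__main__":
    for deep in (False, True):
        print(deep, [dnsbl_name(ip) for ip in candidates("198.51.100.25", RAW, deep)])
```

With `deep=False` only the relay that connected is looked up; with `deep=True` the home address `203.0.113.77` and the unverifiable `192.0.2.200` are looked up as well.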