Hello,
I put something on this mailing list earlier about spam messages
being forwarded automatically from our secondary mail server because the
local subnet is white listed. You said to add the IPBYPASS line with the IP
address of the secondary mail server, and Declude would then run the tests
on the IP address of the server that sent the message to the secondary mail
server.
Well, today I received a copy of a spam e-mail from one of our
clients. He included the internet headers of the message and it was sent to
the primary mail server from the secondary mail server. The person who sent
it was on a DSL line from prima.net.
The secondary is running Sendmail (with latest patches installed),
and it's configured to only allow caching of messages (via the relay-domains
file) which we host the clients DNS (secondary MX record) or e-mail accounts
(on iMail server).
Below is part of the internet header and part of the global.cfg
file. Thanks..
Internet Header:
Received: from secmail.crescentdigital.com [67.17.218.70] by
mail.crescentdigital.com with ESMTP
(SMTPD32-6.06) id AE17510152; Mon, 17 Mar 2003 15:20:39 -0500
Received: from dsl-200-42-88-152.prima.net.ar
(dsl-200-42-88-152.prima.net.ar [200.42.88.152])
Global.cfg File:
#XOUTHEADER Organization: Your Name Here
IPBYPASS 67.17.218.70
WHITELIST IP 67.17.218.0/25
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
