Instead of whitelisting your domain, whitelist your IMail server's IP
address (or IP addresses); it's much harder to spoof those:
WHITELIST IP xxx.xxx.xxx.xxx
or
WHITELIST IP xxx.xxx.xxx.0/24
Also, I don't think that the "WHITELIST REVDNS kendra.com" is your problem
here, since the connecting mail server's IP address, 213.182.166.7, does not
resolve via RDNS to kendra.com. Are you sure that you do not have something
like the following in your global.cfg file:
WHITELIST FROM @kendra.com
or
WHITELIST TODOMAIN @kendra.com
If so, that would be your problem. You will need to parse your log file for
this message to see exactly why this message was actually whitelisted.
Bill
----- Original Message -----
From: "Rich" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 21, 2003 7:17 PM
Subject: [Declude.JunkMail] Faking valid Email Addresses
I've got a problem with spam that fakes our Email address in the header,
example below...
Received: from kendra.com [213.182.166.7] by kendra.com
(SMTPD32-6.06) id AEA89090136; Mon, 21 Jul 2003 14:44:08 -0700
From: "jenna knowly" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Take advantage of lower interest rates
Mime-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Date: ��, 22 ��� 2003 01:45:08 -0600
Content-Transfer-Encoding: 8bit
Abuse-Tracking: <Y21Ob1lXNWtiR1Z5UUd0bGJtUnlZUzVqYjIwPQ==>
Message-Id: <[EMAIL PROTECTED]>
X-Declude-Sender: [EMAIL PROTECTED] [213.182.166.7]
X-Spam-Tests-Failed: Whitelisted
X-Note: This E-mail was sent from [No Reverse DNS] ([213.182.166.7]).
X-Spam-Prob: 1.000000
X-RCPT-TO: <[EMAIL PROTECTED]>
Status: U
X-Mozilla-Status: 8001
X-Mozilla-Status2: 00000000
X-UIDL: 332149997
It uses the intended To: address as the from address. I've got
WHITELIST REVDNS kendra.com
in global.cfg.
Any ideas? I've been searching the archives for a similar problem.
Rich
--------------
Rich Griebel
[EMAIL PROTECTED]
http://www.kendra.com
Scanned for Viruses using Declude and F-Prot
---
[This E-mail was scanned for viruses by Declude Virus
(http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
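The difference between the whitelist rule types discussed in this thread, run against the Received line from the sample message, as an added example that is not part of the original posts and is not Declude's code. The matching semantics are a simplified assumption, the sender and recipient addresses (redacted on the page) are constructed, and 192.0.2.0/24 is a placeholder for the mail server's own range.

```python
import ipaddress
import re
# Received line as shown in the post. The addresses are redacted on the page,
# so SENDER and RECIPIENT below are constructed for illustration.
RECEIVED = "from kendra.com [213.182.166.7] by kendra.com (SMTPD32-6.06)"
SENDER = "user@kendra.com"      # constructed: spoofed sender equals recipient
RECIPIENT = "user@kendra.com"   # constructed
REVERSE_DNS = None              # the X-Note header reports no reverse DNS

def parse_received(line):
    """Return (claimed HELO name, connecting IP) from a Received line."""
    m = re.match(r"from\s+(\S+)\s+\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
    if not m:
        raise ValueError("unrecognised Received format")
    return m.group(1), ipaddress.ip_address(m.group(2))

def matching_rules(rules, ip, rdns, sender, recipient):
    """Assumed semantics (a simplified model, not Declude's own matcher)."""
    hits = []
    for rule in rules:
        kind, value = rule.split()[1:3]
        if kind == "IP":          # connecting address inside the listed range
            ok = ip in ipaddress.ip_network(value, strict=False)
        elif kind == "REVDNS":    # PTR name of the connecting address
            ok = rdns is not None and rdns.lower().endswith(value.lower())
        elif kind == "FROM":      # sender address, chosen freely by the sender
            ok = sender.lower().endswith(value.lower())
        elif kind == "TODOMAIN":  # recipient domain, true for all inbound mail
            ok = recipient.lower().endswith(value.lower())
        else:
            raise ValueError(f"unknown rule type: {kind}")
        if ok:
            hits.append(rule)
    return hits

RULES = [
    "WHITELIST IP 192.0.2.0/24",        # placeholder for the mail server's range
    "WHITELIST REVDNS kendra.com",
    "WHITELIST FROM @kendra.com",
    "WHITELIST TODOMAIN @kendra.com",
]

def evaluate():
    helo, ip = parse_received(RECEIVED)
    return helo, matching_rules(RULES, ip, REVERSE_DNS, SENDER, RECIPIENT)

if __name__ == "__main__":
    print(evaluate())
```

Under these assumptions only the FROM and TODOMAIN rules match the spoofed message; the IP and REVDNS rules do not, because neither the connecting address nor its missing PTR record is under the sender's control in the way the HELO name and From address are.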