I've got an IMGate machine in front of my imail/declude, and ive set it up to drop any connection where anywhere in the SMTP header/banner it claims an IP or a domain of mine.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Tuesday, December 02, 2003 2:57 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] What is this about ?? >I've gotten serveral of these the past few minutes. >Below are the full headers ..I'm assuming they are trying to relay ??? It's hard to say what spammers are doing when they aren't sending a real spam to someone. They may be making relay attempts, they may be checking to see if you have blocked a certain IP, they may be trying to get people to reply... >Also it seems that declude is claiming that 216.204.154.7 has no MX. >DnsStuff.com reports: Actually, that's a server of yours, which you've let Declude JunkMail know about. The confusion is that the spammer is doing something really stupid: He's claiming that his computer is an Internet host with the same name as your IP (that's about as silly as giving out a phone number when asked for a credit card -- it just doesn't work). >Received: from 216.204.154.7 [24.241.184.85] by maineconnect.net > (SMTPD32-8.01) id A524B75700F8; Mon, 01 Dec 2003 18:56:20 -0500 This is the Received: header that Declude JunkMail is looking at -- Declude uses the IP 24.241.184.85 for scanning, and a host name of "216.204.154.7" (which isn't a valid host name, so the E-mail fails the HELOBOGUS test). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
