Re: [Declude.Virus] Virus bypassing newer MX records

[Matt]

It does have this configuration, however I'm not sure about how secure that might be, or if it will still reject E-mail addressed locally (IMail does not for instance).  I think that this might be appropriate as long as the server doesn't have roaming users that connect with SMTP AUTH, or at least we had to work around that in one situation.  The good thing is that most small businesses that I have experienced only allow remote access through OWA and they don't do SMTP AUTH.  Maybe I'll learn more in this thread though. FYI, we've been monitoring this stuff from a collection of domains and have found that about 0.5% of the spam is using cached lookups to deliver their E-mail, and over 5 months or so, there is no sign of any drop off in that activity.  There are three main culprits, the enlargement spammer, some static porn house, and a Chinese language spammer, but there is a smattering of other stuff, some of it is less long-lived though.  Firewalling the customer's server has become standard practice as a result, especially since this stuff can be targeted at just a few individuals and that ruins their experience with us, especially the enlargement guy that sends many messages. Matt Andy Schmidt wrote: Other than the firewall/router - doesn't their SMTP server application (e.g., like IIS) have the ability to restrict inbound connections to certain IP ranges.   We had a similar issue with one of my relay customers - and we just defined IIS SMTP to only accept mail from my network. Best Regards Andy Schmidt H&M Systems Software, Inc. 600 East Crescent Avenue, Suite 203 Upper Saddle River, NJ 07458-1846 Phone:  +1 201 934-3414 x20 (Business) Fax:    +1 201 934-9206 http://www.HM-Software.com/ -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================