>relay through it. That at least suggests this did originate from
>mail.salonchannel.com. If this is a spoofed address, they spoofed the mail
>server reporting also. I'm just not going to hide anything.

This looks ok, but as you say, maybe spoofed (maybe tell 
salonchannel.com about it and see what they say), also complain to Interland.

Also, did you try to see all the delivery headers in those messages, 
not just the envelope headers?

# dig mail.salonchannel.com a

; <<>> DiG 8.2 <<>> mail.salonchannel.com a
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;;      mail.salonchannel.com, type = A, class = IN

;; ANSWER SECTION:
mail.salonchannel.com.  15M IN A        216.247.149.240

# dig -x 216.247.149.240

; <<>> DiG 8.2 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;;      240.149.247.216.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
240.149.247.216.in-addr.arpa.  15M IN PTR  mail.salonchannel.com.


>It attempted to send email with an empty from address fortunately.

That's not culpabilizing, by itself.

>It sent it directly to mail.tulsa.com. It was bypassing my IMGATE which has
>a lower MX number, so IMGATE wasn't involved except to save email till I was
>able to remove two iMail logs totaling 780mb

whoa, big numbers!

>My situation:
>In about 200 domains dns, I use:
>
>         IN      MX 10 mailgateway.internetworks.net ;my IMGATE machine
>         IN      MX 20 mail.a-domain-name.com        ;the iMail name for this domain.
>
>Almost all of the spam and abuse, that gets through, goes around the IMGATE
>machine and hits mail.a-domain-name.com directly.

Then take out the MX 20, just run MX 10.  Every bit of obscurity helps.

>The question:
>Is there an easy way around this where my customers can pop their accounts
>at mail.a-domain-name.com still and remove the iMail box from view or
>access for smtp?

See above, just remove the MX 20, run one MX, two IMGates as MX 10 and 20.

>The only way I see to do this is with a firewall between the iMail and the
>Internet that re-routes smtp to the IMGATE machine.

yeah, that's one way, but it would be better just to packet filter 
internet access at your border router to Imail's port 25.  Why 
portmap that crap over to Imgate?

>What I'm looking for is one of those "Forehead slapping, why didn't I think
>of that answers".

If you don't have roaming users sending to your Imail box from the 
internet (but only from your own IPs), then you could block access 
to Imail's port 25 at your border router.

If you do have roamers, force your roamers to send through their 
access providers' SMTP relays, not through you.  They can still get 
to your Imail port 110 and 80 for pop and webmail because you won't 
packet filter those.

Len

http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
http://IMGate.MEIway.com  : Build free, hi-perf, anti-spam mail gateways
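
Removing the secondary MX from about 200 zones by hand, as suggested above, is easy to get wrong. The following is an added example, not part of the original post and not IMGate or IMail code: a Python check that scans zone-file text and lists every MX record pointing anywhere other than the gateway. The zone contents are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample zone data, modelled on the MX layout quoted in the thread.
SAMPLE_ZONE = """\
$ORIGIN a-domain-name.com.
@       IN      MX 10 mailgateway.internetworks.net. ; gateway
        IN      MX 20 mail                           ; backend, relative name
mail    IN      A     192.0.2.25
$ORIGIN fixed-example.net.
@  3600 IN      MX 10 mailgateway.internetworks.net.
"""

def fqdn(name, origin):
    """Expand a zone-file name to a lower-case absolute name."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()

def find_gateway_bypass(zone_text, gateways, origin="."):
    """Return (owner, preference, target) for each MX not aimed at a gateway."""
    allowed = {g.lower().rstrip(".") + "." for g in gateways}
    owner, findings = origin.lower(), []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop zone-file comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            owner = origin.lower()
            continue
        fields = line.split()
        if not raw[0].isspace():                   # owner name in column 1
            owner = fqdn(fields.pop(0), origin)    # else inherit previous owner
        # Skip the optional TTL (e.g. 3600 or 15M) and class before the type.
        while fields and (re.fullmatch(r"\d+[smhdw]?", fields[0], re.I)
                          or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) >= 3 and fields[0].upper() == "MX":
            target = fqdn(fields[2], origin)
            if target not in allowed:
                findings.append((owner, int(fields[1]), target))
    return findings

if __name__ == "__main__":
    for owner, pref, target in find_gateway_bypass(
            SAMPLE_ZONE, ["mailgateway.internetworks.net"]):
        print(f"{owner} MX {pref} {target} bypasses the gateway")
```

An empty result only covers DNS. The port 25 filter at the border router described above is what stops senders that already know the backend's address.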

