>Does anyone know of a command line parameter or a way in which I can >setup a rule to Verify that an email being relayed from my server is an
>actual email address on my server? "Relay" means to send an outgoing E-mail through your mail server (as opposed to E-mail that is destined to a local user). So if it is sent to an actual E-mail address on your server, it won't be relayed. If you are looking to make sure that the "From" address matches an address on your server, beware that anyone can enter any return address in their client, so there is no "safety" there. I understand that there is no "safety" That is why I am trying to add this in addition to My Relay for Addresses option. Using both safeguards will at least force the spammer to identify themselves As members of my mail server. >I am using the email for addresses option Do you mean "Relay for addresses"? Yes sorry. >and I have all of the assigned IP address for my dial up users and my >local users. OK, that is good. >However someone is still able to send spam off of >my server using one of these IP addresses ... Yes, of course. That's why you only should enter IP addresses that you have control over. If you can't check to see who was using the IP address at the time the spam was sent, you are running an open relay (although it may be "partially closed"). I have over 2000 dial up customers who need access to mail services and are dynamically assigned an Ip address. The only other way I can see around it is to use the SMTP authentication. But I Don't want the pain of forcing all these dial-up users to change their settings to authenticate. >Also how can I track that email message and find out what the address >that >this >user is sending from? All you have to do is look at the "Received:" header from the E-mail that they sent out. Or, look in the IMail logs. >I have looked into the logs but I am having trouble determining which >message is from the spammer and I do not know >how to trace it back. Please send suggestions. Thanks Well, I'm assuming that someone received the spam and complained about it, or else you wouldn't know there is a problem. You can tell from the headers of the spam who sent it (the IP address of the sender). Or, take a look in the IMail logs to see when mail was sent to the person who received the spam. I have received one of the emails back as a forward but the message header only points back to My server and there is no mention of the original senders email address just their bogus user Name. I can look in the mail log and find when the message was sent but since the user used a bogus Username I can't trace it back through my Radius logs or figure out its IP address. I can find the mail message Qnumber but since the mail has been sent there is no corresponding message in the spool directory. So how can I figure out the IP address now? Thanks for your help. ---Matt -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Friday, November 16, 2001 3:10 PM To: [EMAIL PROTECTED] Subject: Re: SPAMCOP:RE: [IMail Forum] SMTP Relay. What can we do better. >Does anyone know of a command line parameter or a way in which I can >setup a rule to Verify that an email being relayed from my server is an >actual email address on my server? "Relay" means to send an outgoing E-mail through your mail server (as opposed to E-mail that is destined to a local user). So if it is sent to an actual E-mail address on your server, it won't be relayed. If you are looking to make sure that the "From" address matches an address on your server, beware that anyone can enter any return address in their client, so there is no "safety" there. >I am using the email for addresses option Do you mean "Relay for addresses"? >and I have all of the assigned IP address for my dial up users and my >local users. OK, that is good. >However someone is still able to send spam off of >my server using one of these IP addresses ... Yes, of course. That's why you only should enter IP addresses that you have control over. If you can't check to see who was using the IP address at the time the spam was sent, you are running an open relay (although it may be "partially closed"). >Also how can I track that email message and find out what the address >that >this >user is sending from? All you have to do is look at the "Received:" header from the E-mail that they sent out. Or, look in the IMail logs. >I have looked into the logs but I am having trouble determining which >message is from the spammer and I do not know >how to trace it back. Please send suggestions. Thanks Well, I'm assuming that someone received the spam and complained about it, or else you wouldn't know there is a problem. You can tell from the headers of the spam who sent it (the IP address of the sender). Or, take a look in the IMail logs to see when mail was sent to the person who received the spam. -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
