Hi all. I have a customer who is on a shared Imail server with ~1000 other customers.
Recently someone has been impersonating him and sending porno spam. It is not a trivial impersonation - they are actually able to relay mail via his Imail server from a computer somewhere in Macedonia. The Imail server is set to "No mail relay". So I guess the spammer is one of the 1000 other customers on the same Imail server. Or someone who hacked/sniffed a legitimate customer's username and password? I can only see one way to stop this impersonation - to create a rule that will check the From and the IP address in the header. The good customer always sends mail from the same static IP address. I am trying to create an outbound rule. I have tried it on the customer's virtual host as well as on the physical host. I can't seem to make the rule work. The rule look like this If the From Address Contains customer.com AND If the Header Text Does not Contain xxx.xxx.xxx.xxx (where xxx.xxx.xxx.xxx is the customer's static IP address) I also tried If the From Address Contains customer\.com AND If the Header Text Does not Contain xxx\.xxx\.xxx\.xxx What am I doing wrong? To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
