>Recently someone has been impersonating him and sending porno spam. It is 
>not a trivial impersonation - they are actually able to relay mail via his 
>Imail server from a computer somewhere in Macedonia.

aka "Alexander the Great's Revenge", about the same entertainment value as 
"Montezuma's Revenge"

>  The Imail server is set to "No mail relay". So I guess the spammer is 
> one of the 1000 other customers on the same Imail server. Or someone who 
> hacked/sniffed a legitimate customer's username and password?

It's all in the SMTPD log line. You should see the connect from Macedonia, 
ip, the SMTP AUTH succeeding, and the spamming.

>I can only see one way to stop this impersonation - to create a rule that 
>will check the From and the IP address in the header. The good customer 
>always sends mail from the same static IP address.

Don't bother with rules, too expensive.

Block the ip address.

From SMTP AUTH login line ("spammer treated as local"), cancel the account.

"BOFH rules shall apply at all times."

Len
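
The log check described in the reply above, as an added example that is not part of the original message: it groups SMTPD log lines by session, ties each successful SMTP AUTH to its connecting IP, and reports accounts that authenticated from an address other than their known one. The log layout, the sample lines, and the names `summarize`, `unexpected_logins` and `KNOWN_IPS` are assumptions for illustration, not IMail's real log format.

```python
import re
from collections import defaultdict

# Constructed sample log. The layout is an assumption, NOT IMail's real
# SMTPD log format; adapt LINE to what your server actually writes.
SAMPLE_LOG = """\
0310 080100 SMTPD(0001) connect 192.0.2.10
0310 080101 SMTPD(0001) auth ok gooduser
0310 080102 SMTPD(0001) mail from <gooduser@example.com>
0310 091500 SMTPD(0002) connect 203.0.113.77
0310 091501 SMTPD(0002) auth ok gooduser
0310 091502 SMTPD(0002) mail from <gooduser@example.com>
0310 091503 SMTPD(0002) mail from <gooduser@example.com>
0310 091504 SMTPD(0002) mail from <gooduser@example.com>
0310 101000 SMTPD(0003) connect 198.51.100.5
0310 101001 SMTPD(0003) auth failed otheruser
"""

LINE = re.compile(r"SMTPD\((\w+)\) (connect|auth ok|auth failed|mail from) (\S+)")

def summarize(log_text):
    """Return {(user, ip): messages} for sessions where SMTP AUTH succeeded."""
    ip_of, user_of = {}, {}
    sent = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        sid, event, arg = m.groups()
        if event == "connect":
            ip_of[sid] = arg
            user_of.pop(sid, None)  # session ids may be reused by the server
        elif event == "auth ok":
            user_of[sid] = arg
            sent[(arg, ip_of.get(sid, "?"))] += 0  # record login even with no mail
        elif event == "mail from" and sid in user_of:
            sent[(user_of[sid], ip_of.get(sid, "?"))] += 1
    return dict(sent)

def unexpected_logins(log_text, known_ips):
    """List (user, ip, messages) for authenticated users seen from an unknown IP."""
    return sorted((u, ip, n) for (u, ip), n in summarize(log_text).items()
                  if u in known_ips and ip not in known_ips[u])

# Assumed inventory: the customer's static address, as described in the thread.
KNOWN_IPS = {"gooduser": {"192.0.2.10"}}

if __name__ == "__main__":
    for user, ip, n in unexpected_logins(SAMPLE_LOG, KNOWN_IPS):
        print(f"{user} authenticated from {ip} and sent {n} message(s)")
```
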


To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
