>I've found that a lot of spammers seem to bypass Postfix, and send directly >to the IMail server, so that no spam filtering is done. So, after making >sure DNS has updated, I put the following rule in IMail: > >In rules.ima >H!~63.166.78.22!AND!H!~63.166.78.11:NUL > >Where the two IP addresses are that of the two Postfix servers. I >currently (rather than the NUL) have it forwarding to a mailbox, so I can >verify they are all indeed SPAM messages. So far, it's catching quite a >few, with no false positives.
if you're going to block like that, why not block at the firewall? or install a win32 firewall such zone alarm and set it up to do the same (with ZA logging) that can do TCP stealth, but tell all the others ports that are being attacked and blocked. Len
