Well this logic "almost" makes sense. If a spammers SMTP engine starts at the oppposite end of MX priority and you have your IMAIL listed as the last MX priority and block at firewall ( or they try A records before MX records), etc.... but are using a real SMTP engine that keeps trying until it finds a valid server then this method kets imail "eat" the junk and delete it... rather than let it try to slip by postfix if it doesnt fail any tests.
Although if all your primary MX servers are offline watch out, everything gets silently deleted -----Original Message----- From: Bill Landry [mailto:[EMAIL PROTECTED] Sent: Thursday, October 16, 2003 6:41 PM To: [EMAIL PROTECTED] Subject: [IMGate] Re: SPAM that bypasses Postfix I you are going to control access within IMail (and not at the firewall), why not do it via SMTP Security in "Control Access" instead of rules? Would certainly be much easier, simpler, and probably more reliable. Bill ----- Original Message ----- From: "Richard Bewley" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 16, 2003 4:21 PM Subject: [IMGate] SPAM that bypasses Postfix I've found that a lot of spammers seem to bypass Postfix, and send directly to the IMail server, so that no spam filtering is done. So, after making sure DNS has updated, I put the following rule in IMail: In rules.ima H!~63.166.78.22!AND!H!~63.166.78.11:NUL Where the two IP addresses are that of the two Postfix servers. I currently (rather than the NUL) have it forwarding to a mailbox, so I can verify they are all indeed SPAM messages. So far, it's catching quite a few, with no false positives. Richard Bewley
