The key to stopping some of this new spam is fairly easy.

 

Here is what I have seen with a lot of it:

 

Received: from mailin-1.isoc.net (unverified [65.90.81.50]) by mail.isoc.net
  (Vircom SMTPRS 3.0.277) with ESMTP id <[EMAIL PROTECTED]> for
  <[EMAIL PROTECTED]>; Wed, 17 Dec 2003 10:56:14 -0500

Received: from 65.90.81.50 ([212.14.144.94])
  by mailin-1.isoc.net (8.11.6/8.11.6) with SMTP id hBHFjLS09135
  for <[EMAIL PROTECTED]>; Wed, 17 Dec 2003 10:45:24 -0500

 

In my setup I have relays before Modus. As you can see, they are spoofing the FROM to the IP of my relay that they are sending the spam to (highlighted in red).

 

I added a simple filter that looks like this:

 

if header :contains ["Received"] "from 65.90.81.50" { discard; stop; }

 

I would think you're seeing similar tactics, except they are delivering directly to your Modus server, but the FROM is probably spoofed as your server's IP address.

 

So if you replace the 65.90.81.50 with the IP address of your Modus server, you should stop lots of nasties.

 

And since there is no reason for your Modus server to send mail to itself, nor would it identify itself to itself by its IP address, you should not get any false positives.

 

John
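
A stricter form of the check described in the post, as an added example that is not part of John's message: it flags a hop only when the HELO name is one of your own IPs while the connecting address recorded in brackets is a different host. OWN_IPS, the function name and the example.invalid addresses are assumptions; the sample message is constructed from the headers quoted above.

```python
import re
from email import message_from_string

# Assumption: IP addresses of your own relays / mail servers.
OWN_IPS = {"65.90.81.50"}

# "from <helo> (<comment>)": the HELO name is supplied by the client, while
# the bracketed address in the comment is what the receiving server saw.
RECEIVED_RE = re.compile(r"^from\s+(?P<helo>\S+)\s*\((?P<comment>[^)]*)\)", re.I)
PEER_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: the two hops from the post with placeholder addresses.
SAMPLE = """\
Received: from mailin-1.isoc.net (unverified [65.90.81.50]) by mail.isoc.net
  (Vircom SMTPRS 3.0.277) with ESMTP id <id@example.invalid> for
  <user@example.invalid>; Wed, 17 Dec 2003 10:56:14 -0500
Received: from 65.90.81.50 ([212.14.144.94])
  by mailin-1.isoc.net (8.11.6/8.11.6) with SMTP id hBHFjLS09135
  for <user@example.invalid>; Wed, 17 Dec 2003 10:45:24 -0500
Subject: constructed sample

body
"""


def spoofed_helo_hops(raw_message, own_ips=OWN_IPS):
    """Return (helo, peer_ip) for every Received hop whose HELO claims one
    of our own IPs although the connection came from another address."""
    hits = []
    msg = message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        # Undo header folding before matching.
        m = RECEIVED_RE.match(" ".join(value.split()))
        if not m:
            continue
        helo = m.group("helo").strip("[]")
        peer = PEER_RE.search(m.group("comment"))
        if helo in own_ips and peer and peer.group(1) not in own_ips:
            hits.append((helo, peer.group(1)))
    return hits


if __name__ == "__main__":
    for helo, peer in spoofed_helo_hops(SAMPLE):
        print(f"HELO {helo} presented by {peer}")
```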

 

 
