|
What if a webmail user sends email to
another user on that server? Drew From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ISOC Network Operations The key to stopping some of this new spam
is fairly easy. Here is what I have seen with a lot of it Received: from mailin-1.isoc.net
(unverified [65.90.81.50]) by mail.isoc.net(Vircom SMTPRS 3.0.277) with ESMTP
id <[EMAIL PROTECTED]> for <[EMAIL PROTECTED]>;Wed, 17 Dec
2003 10:56:14 -0500 Received: from 65.90.81.50 ([212.14.144.94])by mailin-1.isoc.net (8.11.6/8.11.6) with SMTP id hBHFjLS09135for
<[EMAIL PROTECTED]>; Wed, 17 Dec 2003 10:45:24 -0500 In my setup I have relays before Modus, as
you can see they are spoofing the FROM to the IP of my relay that they are
sending the spam too. (highlighted in red) I added a simple filter that looks like
this: if header :contains
["Received"] "from
65.90.81.50" { discard;
stop; } I would think your seeing similar tactics except they are
delivering directly to your modus server but the FROM is probably spoofed as
your servers IP address So if you replace the 65.90.81.50 with the IP address of
your modus server you should stop lots of nasties. And since there is no reason for your modus sever to send
mail to itself nor would it identify itself to itself by is IP address you
should not get any false positives John |
- [Modus] Spam getting through Eddie Stauble
- [Modus] Spam getting through Cary Fitch
- [Modus] Spam getting through Mike Herrera
- [Modus] Spam getting through Eddie Stauble
- [Modus] Spam getting through Cary Fitch
- [Modus] Spam getting through Mike Herrera
- [Modus] Spam getting through Benjamin S. Rogers
- [Modus] Spam getting through Benjamin S. Rogers
- [Modus] Spam getting through TIASpeed
- [Modus] Spam getting through ISOC Network Operations
- [Modus] Spam getting through Drew Salmon
- [Modus] Spam getting through ISOC Network Operations
- [Modus] Spam getting through Drew Salmon
