The only way you could do that is if they are making up email addresses at your domain as 'from' addresses and these addresses don't really exist. I don't know of a specific matcher that does that. But it would be easy to create one. If they are using existing email addresses as from address, I don't see a way to differentiate from a legit email from that person.
-----Original Message----- From: Chris Hane [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 23, 2005 10:20 AM To: James Users List Subject: Re: How to stop Spam sent to my domain FROM my domain? You are correct it is not coming from my server. And I'm aware of spam like this that I can not stop on my server.... I'm asking a bit of a different question. A third party is sending mail to me ([EMAIL PROTECTED]). They have set the FROM address to be ([EMAIL PROTECTED]). In this case, James is getting the email and delivering it to me. What I wonder is there a configuration setting or matcher/mailet that can detect this and do something (e.g., mark is as spam, or just reject it entirely) with the email. Chris.... JWM wrote: >Chris, > >99% chance it has nothing to do with your server. That mail never came >close to your server. Anyone can put any return address they want on an >email. What typically happens is that viruses on user's machines will >harvest addresses from the user's inbox and use them as return addresses for >spam. > >So the good news is that it isn't coming from your server, and therefore you >don't have a virus or security hole. The bad news is that isn't coming from >your server, and therefore there is absolutely nothing you can do to prevent >it. > >Jerry > >-----Original Message----- >From: Chris Hane [mailto:[EMAIL PROTECTED] >Sent: Wednesday, November 23, 2005 9:26 AM >To: [email protected] >Subject: How to stop Spam sent to my domain FROM my domain? > > >I have a pretty vanilla James (latest released version) installation. > >I am receiving spam from third parties with the FROM set to an address >in my domain (for example the from is [EMAIL PROTECTED]). I'm assuming >this is some type of virus on the sending machine. > >Is there a configuration option or mailet/matcher that will verify that >if the FROM address is using a domain being managed by James, that the >email user must be authenticated? > >I have James setup so that authentication is required to send/receive >email using the server. However, if email is being sent to me, the FROM >address can be anything, which includes addresses in my domain. > >It's causing a bit of confusion in my user base because the emails look >like the are coming from legit addresses. Our virus software is >stripping out the viruses, so I'm not worried (right now) about >virus...this is more a support issue with my users. > >Thanks in advance, >Chris.... > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
