At 7:28 AM -0500 8/30/02, Joe Sporleder wrote:
>Dear SIMS Users,
>
>How do I use the router to get rid of the following spam that's been
>hitting our system? OK, I know I need to upgrade my SIMS a little,
>however, I do have just about every SPAM option turned on for this
>copy of SIMS. I have relay for clients only, I am even linking to a
>blacklist server that my ISP is hosting. What is the "truth" in
>these following message headers, and what is forged, and how do I
>use the router to keep it from getting to my server users? Thanks!
The "true" part of the header is:
>Received: from [67.119.179.89] (HELO compfix.com) by
>wacondatrader.com (Stalker SMTP Server 1.8b7) with SMTP id
>S.0000053897 for <[EMAIL PROTECTED]>; Fri, 30 Aug 2002
>01:37:00 -0500
because it was written by your mail server. The message most recently
came from 67.119.179.89, so that's either the most recent relay or the
actual origination point; in either case, you might want to block it.
A lookup on that IP address shows that it's a /23 block reassigned from
Pacific Bell, which means that it's possibly a single company's range.
The collateral damage risk in blocking this range is probably low.
This, BTW, is not something to use the router for; this is something to
use the SMTP blacklisting for. In your local blacklist, put a line like:
67.119.178.0 - 67.119.179.255 -- Porno spams
and it'll be gone.
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
