On 11/29/06, Clifton Royston <[EMAIL PROTECTED]> wrote: > If these scores are correct, and you did indeed receive it from an > employee machine on your network, your employee has a really-truly > badly compromised machine on your network which is being actively used > to send spam. > -- Clifton
On 11/29/06, Gary V <[EMAIL PROTECTED]> wrote: > We would have to see the entire header (with minimal munging). It > appears the sender's address is not included in your internal or > trusted network (not that it should be if the sender is not > actually sending from your network). Do you have users relaying via > SASL AUTH? Is this sender one of them? Considering the number of RBLs > this hit, I hope it's not sent from your network. What version of > Postfix and SpamAssassin are you using? > > Gary V First, thanks for your answers, I am not at my office now, so I can't provide program Versions and full headers. Sorry me, I will provide it tomorrow. The user is sending email OUTSIDE my network, because he works at other location. And uses SASL Auth. He uses an automatic IP given by his ISP ( Could it be that IP being blacklisted because of the "public" condition?) The user could send emails before with no problem... Thanks! ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
