First, thank you in advance for your response.  I'm using Imail Ver. 7.13 
and all Outlook 97 clients.  I've been using Imail for several months now 
and battling SPAM. I'm currently using the rules.ima file that I picked up 
from famhost.com (thanks a million) with some modifications.  Also using 
control access and kill file.  I'm seeing more and more instances like the 
following.

connect 24.104.0.45 port 48651
06:08 02:35 SMTPD(2EE900C4) [24.104.0.45] EHLO atlas.blazenet.net
06:08 02:35 SMTPD(2EE900C4) [24.104.0.45] MAIL From:<[EMAIL PROTECTED]>
06:08 02:35 SMTPD(2EE900C4) [24.104.0.45] RCPT To:<[EMAIL PROTECTED]>
06:08 02:35 SMTPD(2EE900C4) [24.104.0.45] d:\Imail\spool\Dd9452ee900c41a9a.SMD 3860
                                AND
connect 24.104.0.45 port 34929
06:09 03:08 SMTPD(0A490094) [24.104.0.45] EHLO atlas.blazenet.net
06:09 03:08 SMTPD(0A490094) [24.104.0.45] MAIL From:<[EMAIL PROTECTED]>
06:09 03:08 SMTPD(0A490094) [24.104.0.45] RCPT To:<[EMAIL PROTECTED]>
06:09 03:08 SMTPD(0A490094) [24.104.0.45] d:\Imail\spool\D32880a490094c92d.SMD 1666

The IP is a backup server provided by our ISP.  As I've been blocking more 
IPs it seems more messages are coming through this way, which prevents me 
from blocking them.  The rules.ima is catching some, but I'd rather block. 
What recommendations do you folks have?

On a similar note, I'm running into situations like the above where the 
IP is a larger provider's IP (like Excite, MSN, Yahoo.....) and the Mail from is 
something entirely different (forged like above).  When I click on the 
Options tab of the message itself, there is no header information, so I 
can't see where it is really coming from.  The text in the subject line is 
generic enough to cause problems if I try to create rules for each message 
that comes in this way.  There is only an html attachment in the body. 
Below is an example from the log.

connect 200.29.56.222 port 1757
06:09 16:56 SMTPD(21F7010C) [200.29.56.222] HELO 222-56-29.dial.terra.cl
06:09 16:56 SMTPD(21F7010C) [200.29.56.222] MAIL FROM: <[EMAIL PROTECTED]>
06:09 16:56 SMTPD(21F7010C) [200.29.56.222] RCPT TO: <[EMAIL PROTECTED]>
06:09 16:57 SMTPD(21F7010C) [200.29.56.222] d:\Imail\spool\Df48c21f7010caab1.SMD 3667
06:09 16:57 SMTP-(000000BA) processing d:\Imail\spool\Qf48c21f7010caab1.SMD

The IP above is from somewhere in CHILE, but the mail from is not matching. 
I realize this is a tactic used by spammers, but how do you folks combat 
this?

Here is another:

connect 68.168.87.120 port 2411
06:09 22:39 SMTPD(1247007E) [68.168.87.120] HELO pa-scranton9a-2-120.sctnpa.adelphia.net
06:09 22:39 SMTPD(1247007E) [68.168.87.120] MAIL FROM: <[EMAIL PROTECTED]>
06:09 22:39 SMTPD(1247007E) [68.168.87.120] RCPT TO: <[EMAIL PROTECTED]>
06:09 22:39 SMTPD(1247007E) [68.168.87.120] d:\Imail\spool\D44eb1247007e9a7d.SMD 2009

I can't block the IP, it's legit. The mail from is a random forgery I may 
never see again. Subject is "Can you cheer me up?" Doesn't seem to be 
something good to filter on.

Sorry this is so long.  Thanks again for any advice.   I do plan on moving 
to Ver 8 in the near future.  Budget issues prevent a Declude purchase at 
this time.
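
An added example, not part of the original post and not IMail code: a Python sketch that groups SMTPD log lines in the layout quoted above by session ID, then separates mail arriving through a known relay (such as the ISP backup server) from direct connections whose HELO name embeds the client's own IP octets. The sample log, addresses, session IDs, relay IP, category names, and the reading of the trailing spool number as a message size are all assumptions.

```python
import re

# Layout of the SMTPD lines quoted in the post: date, time, session ID, client IP, text.
LINE = re.compile(r"^\d\d:\d\d \d\d:\d\d SMTPD\(([0-9A-F]+)\) \[([\d.]+)\] (.*)$")
SPOOL = re.compile(r"^(\S+\.SMD) (\d+)$", re.I)
# Constructed sample (documentation IPs, example domains, made-up session IDs).
SAMPLE_LOG = r"""
06:08 02:35 SMTPD(0A0000B1) [198.51.100.45] EHLO backup.isp.example
06:08 02:35 SMTPD(0A0000B1) [198.51.100.45] MAIL From:<offer@bulk.example>
06:08 02:35 SMTPD(0A0000B1) [198.51.100.45] RCPT To:<user@corp.example>
06:08 02:35 SMTPD(0A0000B1) [198.51.100.45] d:\Imail\spool\D0000aaaa0000bbbb.SMD 3860
06:09 16:56 SMTPD(0A0000B2) [192.0.2.222] HELO 222-2-0.dial.isp.example
06:09 16:56 SMTPD(0A0000B2) [192.0.2.222] MAIL FROM: <friend@webmail.example>
06:09 16:56 SMTPD(0A0000B2) [192.0.2.222] RCPT TO: <user@corp.example>
06:09 16:57 SMTPD(0A0000B2) [192.0.2.222] d:\Imail\spool\D0000cccc0000dddd.SMD 3667
"""

def parse_sessions(log):
    sessions = {}  # session ID -> one record per SMTP session
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, ip, rest = m.groups()
        s = sessions.setdefault(sid, dict(ip=ip, helo=None, mail_from=None, rcpt=[], size=None))
        verb, spool = rest.upper(), SPOOL.match(rest)
        if verb.startswith(("HELO ", "EHLO ")):
            s["helo"] = rest.split(None, 1)[1]
        elif verb.startswith("MAIL FROM:"):
            s["mail_from"] = rest[10:].strip(" <>")
        elif verb.startswith("RCPT TO:"):
            s["rcpt"].append(rest[8:].strip(" <>"))
        elif spool:
            s["size"] = int(spool.group(2))  # assumed to be the message size
    return sessions

def helo_embeds_ip(helo, ip):
    nums = set(re.findall(r"\d+", helo))
    # Heuristic: at least two octets of the client IP appear as numbers in its HELO name.
    return sum(octet in nums for octet in set(ip.split("."))) >= 2

def classify(session, relay_ips):
    if session["ip"] in relay_ips:
        return "via-relay"     # connecting IP is the relay, so IP blocking cannot apply
    if session["helo"] and helo_embeds_ip(session["helo"], session["ip"]):
        return "dynamic-helo"  # HELO looks like an end-user address pool name
    return "direct"

def report(log, relay_ips):
    return {sid: classify(s, relay_ips) for sid, s in parse_sessions(log).items()}
```

Sessions tagged `via-relay` can only be handled by rules on the message itself, since the connecting address is the relay and not the original sender.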

