Scott, cwdMail has just over 1,000 users -- tiny by the standards of many of the people on this list. I'm content with vectoring outbound mail through my IMGate filters for now.
I also identified the source IP of the abuser -- 217.20.241.152 -- which is a London-based satellite company. I've blocked the associated /24 from iMail and from the web server used to set up accounts. I may simply block it entirely at my router if I see hints of the problem continuing. Sadly, iMail web messaging does not include the IP address from with the sender connected. Ipswitch, that would be a big help in tracking down abusers. Please add that as soon as you can. Jeff Hitchcock - [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Friday, January 16, 2004 1:50 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] Nigerian fraud spammers using iMail based WebMail accounts >I noticed the spamming about three days ago and deleted probably 30 >accounts yesterday when I noticed bounces coming back...(The Declude >junk mail did not stop them at all.) FYI, Declude JunkMail is an anti-spam program, and as such is designed to stop *incoming* spam. Although Declude JunkMail Pro is one of the few anti-spam programs that has the ability to scan outgoing E-mail for spam, we do not recommend using it as your sole method of preventing spamming. First, most of our customers to not block outgoing spam (to ensure that their customers' mail doesn't accidentally get caught -- if you know your customers, you don't need to block their mail). Second, it is an "all or nothing" approach -- it will either catch 100% of the spam (if the E-mail fails enough spam tests), or 0% of the spam (if it does not). We do have a program called Declude Hijack that is specifically designed to prevent hijacking of your mailservers, which uses rate limiting that in almost all cases catches all spam that a user tries to send. However, I believe that web messaging doesn't include the IP address of the source in the headers of the E-mail, so you would be stuck blocking all E-mail if someone starts sending out spam. Perhaps you can add rules to your firewall to block all IPs coming from Nigeria? It may only be a temporary measure (they could use proxies), but I believe most of the Nigerian scammers would prefer to go to an easier target rather than deal with proxies. -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
