> Clients are receiving emails like the one below where it looks like
> it originated from an email on their domain, but of course it did
> not.

"Looks like" a direct connection because the MAIL FROM: (or, even more
easily, the From: header) has your spoofed domain? I think you need to
familiarize yourself with the way SMTP works and how to use your logs.

> I was wondering if this could be someone connecting directly to my
> mail server on Port 25 and scripting this type of email?

It's not a human, it's a virus (a Bagle variant) being sent by the
virus' built-in SMTP client. You should search the archives for
"bagle" for more information on how to block the virus--I can't
believe you missed all the posts in the past couple of days!

As for blocking based on the MAIL FROM:, you will need to research
numerous site-specific factors to determine if outside IP addresses
can/should be allowed to spoof your domain. Many sites cannot do so.

--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/
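
Added example, not part of the original message and not IMail or Declude code: one way to do the research mentioned above is to audit SMTP logs for outside, unauthenticated connections that use your domain in MAIL FROM: before deciding whether to block them. The log format, `LOCAL_DOMAIN`, `TRUSTED_NETS` and the sample lines are all constructed assumptions; adapt the regular expression to your server's real log format.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (hypothetical, site-specific): the hosted domain and the
# networks that are expected to send mail as that domain.
LOCAL_DOMAIN = "example.com"
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.0.0.0/8")]

# Constructed sample log in a made-up format: connecting IP, whether the
# session used SMTP AUTH, and the envelope sender (MAIL FROM:).
SAMPLE_LOG = """\
10:01:12 conn=192.0.2.15 auth=no mailfrom=<alice@example.com>
10:02:40 conn=203.0.113.7 auth=no mailfrom=<bob@example.com>
10:02:41 conn=203.0.113.7 auth=no mailfrom=<carol@example.com>
10:05:03 conn=198.51.100.44 auth=yes mailfrom=<dave@example.com>
10:06:19 conn=198.51.100.9 auth=no mailfrom=<news@example.net>
10:06:55 conn=198.51.100.9 auth=no mailfrom=<>
10:09:30 conn=198.51.100.23 auth=no mailfrom=<Eve@EXAMPLE.COM>
"""

LINE_RE = re.compile(
    r"conn=(?P<ip>\S+) auth=(?P<auth>yes|no) mailfrom=<(?P<sender>[^>]*)>"
)

def audit(log_text, domain=LOCAL_DOMAIN, trusted=TRUSTED_NETS):
    """Count messages per outside, unauthenticated IP whose MAIL FROM:
    uses `domain`. These are the sessions a MAIL FROM: block would reject."""
    outside = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                      # not an SMTP session line
        sender = m["sender"]
        if "@" not in sender:
            continue                      # null sender <> (bounces, DSNs)
        if sender.rsplit("@", 1)[1].lower() != domain.lower():
            continue                      # some other domain, not ours
        ip = ipaddress.ip_address(m["ip"])
        if m["auth"] == "yes" or any(ip in net for net in trusted):
            continue                      # roaming user with AUTH, or our own network
        outside[str(ip)] += 1
    return outside

if __name__ == "__main__":
    for ip, count in audit(SAMPLE_LOG).most_common():
        print(f"{ip}\t{count} message(s) with MAIL FROM: @{LOCAL_DOMAIN}")
```

Each IP it reports is either a spoofing source or a legitimate outside sender (a remote user without SMTP AUTH, a third-party service sending as your domain) that a block would break.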