Hi,
I am trying to block a particular spammer and do NOT want to use
"Blacklist DNS Server" as it blocks too many of our legitimate clients.
:-(
I have the following settings in place:
SMTP:
Relay for clients only = True. List contains IP Addresses on our LAN.
Verify Return Paths = True.
I have traced the IP address of the offending domain and have it entered
in the "Blacklist".
(I have traced the domain several times and the IP Address remains
constant)
ROUTER:
I have an entry for the offending domain: <*@domain> = error
I also have an entry NULL@NULL = error
Yesterday a message from the spammer arrived again; we had not seen any
for several weeks since I added the domain IP address to the "Blacklist".
My log file shows the following entry for the offending message.
21:58:58 2 SMTP-356([210.10.235.171]) {S.0000082248} received, 32148 bytes
21:58:59 2 SYSTEM [S.0000082248] S.0000082248 0+1 From:NULL@NULL
21:59:00 2 SYSTEM(POP) [S.0000082248] delivered to (recipient)
21:59:03 2 SYSTEM [S.0000082248] deleted
The IP address in the LOG (210.10.235.171) is not the same as the one in
the "Blacklist" so I assume the spammer has used a relay. Is this safe
to assume?
If my server is performing a "Verify Return Path" and I have NULL@NULL =
error in my ROUTER list, shouldn't the mail have been routed to ERROR
rather than delivered to the recipient?
OR am I missing something here?
Thank you for any help, assistance, guidance you can offer.
Geoff.