Spam from (forged) whitelist domain

Julian Field mailscanner at ecs.soton.ac.uk
Mon Dec 22 09:10:53 GMT 2003


At 22:47 21/12/2003, you wrote:
>Does the whitelist check  look at the sending client IP, or the sending
>server IP?  (Assuming the my users only send from my server, and only
>authenticated users are allowed to send from there.)

It looks at the IP address at the other end of the SMTP connection to the
MailScanner server.


>Thanks.
>
>
>Julian Field wrote:
>
>>Exactly what I was about to suggest. You can use pretty much any of the
>>standard/common ways of expressing IP ranges and network subnets.
>>
>>At 22:51 19/12/2003, you wrote:
>>
>>>Just a thought, and I'm not sure this is correct, but perhaps you can
>>>whitelist your domain by IP instead of by name.
>>>
>>>-Eric Rz.
>>>
>>>On Fri, Dec 19, 2003 at 02:35:39PM -0800, Andy Alsup wrote:
>>> > I see a nontirvial volume of Spam that gets through to users using
>>> > forged headers with my domain as the from.  These are typically to:
>>> > user at mydomain from: user at mydomain
>>> >
>>> > My domain is whitelisted, so when a forged header comes along,  I
>>>get a
>>> > spam score that would have dealt with the spam, but it is whitelisted,
>>> > so delivered anyway.
>>> >
>>> > Is there a way to deal with this?
>>> >
>>> > Thanks.
>>
>>
>>--
>>Julian Field
>>www.MailScanner.info
>>Professional Support Services at www.MailScanner.biz
>>MailScanner thanks transtec Computers for their support
>>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



More information about the MailScanner mailing list