Newbie Question

Matt Kettler mkettler at EVI-INC.COM
Sat Feb 22 00:12:30 GMT 2003

First, 10.*.*.* is a reserved set of IP addresses which are non-routable on
the public internet.

If you really are getting spam directly delivered to your mailserver from a
machine with those IP addresses it is a part of your local network, or a
VPN tunnel to it.

If those IP's appear in headers way back in the message Received trail,
realize that lots of people use 10.* subnets, me included (my workstation
here has the non-routable IP, but I could assign it anything I
wanted in the 10.*.*.* range).

I would strongly advise against using any such rule which looks for
10.10.10.* in the message headers as a critera for spam, as those IP
addresses are non-routable and can be used by anyone inside their network
borders. Instead I'd look at the IP's of the machines delivering the mail
to your mailserver... that IP has to be real and routeable.

As for denying inbound messages, that is really best done at the sendmail
level using /etc/mail/access or virtusertable's. But I'm not sure offhand
the best way of doing it for a rcpt to:.

At 05:13 PM 2/21/2003 -0600, Marco Obaid wrote:
>Hello all,
>I am just new to the Ruleset concept and just need a little push.
>How do I write a ruleset to mark messages from a subnet as spam?
>How do I write a ruleset to deny message coming to a generic account, for
>example rpc at
>I am receiving a low-score spam to rpc at Also, for some reason, some
>spam is making it through. The pattern is the originating servers. For
>they all are,, ... etc. The spam score for those
>messages is ssss, which I am assuming low to be denied.
>Thank you for any hints you may offer
>I love MailScanner
>This mail is sent through MUW Webmail: http://www.MUW.Edu/webmail
>For the latest MUW Events, visit  http://www.MUW.Edu/calendar

More information about the MailScanner mailing list