Blocking from my own forged domain
Richard Brown
r.brown at LAWSON-HIS.CO.UK
Tue May 4 15:16:22 IST 2004
Stephe Campbell wrote:
> Return-Path: <g>
> Received: from mailgw2.cnpapers.net (mailgw2.cnpapers.net [216.30.205.19])
> by kanawha.cnpapers.net (8.11.6/linuxconf) with SMTP id i43MluL16091
> for <userto at wvgazette.com>; Mon, 3 May 2004 18:47:56 -0400
> Received: from Default.org ([24.196.186.68])
> by mailgw2.cnpapers.net (SAVSMTP 3.1.0.29) with SMTP id
> M2004050318500904054 for <userto at wvgazette.com>; Mon, 03 May 2004 18:50:12
> -0400 Date: Mon, 03 May 2004 18:56:21 -0500
>
> The mailgw2 is a Norton Mail Gateway AV machine outside our firewall (for
> now). It is our MX for the domain and forwards to the MS/Sendmail box. I
> have wvgazette.com whitelisted. Obviously, moving the mailgw2 machine
> inside a firewall would allow me to block IP 24.196.186.68, but until I
> do, which could take some time, is there anything obvious to anyone that
> would allow me to block any of the above message types? "userto" and
> "userfrom" are real addresses.
>
>
> Any solid solutions or ideas would be appreciated, as well as any failings
> of this idea of IP blocking being brought forth and pointed out to me
>
> Steve Campbell
> campbell at cnpapers.com
> Charleston Newspapers
Why have you whitelisted the domain (wvgazette.com) and not the valid IP's
your users can send from?
You can put the IP addresses in a ruleset such as spam.check.rules or
spam.whitelist.rules.
Regards,
--
Richard Brown
http://www.lawson-his.co.uk
0870 99 070 52
-------------------------- MailScanner list ----------------------
To leave, send leave mailscanner to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/ and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html
More information about the MailScanner
mailing list