Blocking emails that claim to come from our domain
Glenn Steen
glenn.steen at GMAIL.COM
Sun Dec 4 21:33:30 GMT 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
On 04/12/05, Nigel kendrick <support-lists at petdoctors.co.uk> wrote:
> Apologies if the answer to this is staring me in the face - I have done a
> few searches but without any luck.
>
> We are seeing a steady stream of emails from
> adsl-70-248-164-89.dsl.hstntx.swbell.net[70.248.164.89] that claim to come
> from an address in our domain (i.e.: admin at ourdomainname.com) and contain
> the usual stuff about verifying passwords, mail accounts being suspended
> etc. All legitimate users have to login to send mail so what's the most
> effective and simple way to block mail from external sources that contain
> our domain name? At the moment I am just putting the subjects in a
> spamassassin rule but it's a bit of a 'blunt' way of trapping them.
>
> Thanks
>
> Nigel Kendrick
>
Reject at the MTA (I use Postfix, and have a nice "ati-spoof" check
that I apply on HELO and senders... All trusted clients are handled by
a permit_mynetworks, so aren't affected). If it is a single IP, then
just firewall it.
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list