How do I block a domain from the recieved portion of headers

[Steve Campbell]

I would say the best way is, in order of preference, is:

Block the sending IP at a firewall

Block the sending IP in your MTA

Block the sending IP in your spam.blacklist rules

There are probably a lot more, but these are just the ones I usually use. The preference is based on resources your system would use.

Steve Campbell
campbell at cnpapers.com
Charleston Newspapers

  ----- Original Message ----- 
  From: Brandon Hoppe 
  To: mailscanner at lists.mailscanner.info 
  Sent: Tuesday, March 21, 2006 10:56 AM
  Subject: How do I block a domain from the recieved portion of headers


  A virus on a users machine from an outside domain keeps sending email to a user on my domain. MailScanner is detecting the virus and removing it. But the problem is that I get these emails atleast once an hour. It always comes from the same place. It disguises itself as though the email comes from my domain, but the full headers shows it comes from another domain. For example:





Full headers are:  Return-Path: <g> Received: from test-domain.com (cpe-24-170-49-168.stx.res.rr.com [24.170.49.168])



  My domain is named test-domain.com. I am not on RoadRunner so the rr.com address above is where its originating from. 



  What's the best way to go about blocking this domain or sub-domain so that I stop receiving the notices of detected virus emails from MailScanner. 



  Thanks.



------------------------------------------------------------------------------


  -- 
  MailScanner mailing list
  mailscanner at lists.mailscanner.info
  http://lists.mailscanner.info/mailman/listinfo/mailscanner

  Before posting, read http://wiki.mailscanner.info/posting

  Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060321/73c4b853/attachment.html