How do I block a domain from the recieved portion of headers

Steve Campbell campbell at
Tue Mar 21 16:11:04 GMT 2006

I would say the best way is, in order of preference, is:

Block the sending IP at a firewall

Block the sending IP in your MTA

Block the sending IP in your spam.blacklist rules

There are probably a lot more, but these are just the ones I usually use. The preference is based on resources your system would use.

Steve Campbell
campbell at
Charleston Newspapers

  ----- Original Message ----- 
  From: Brandon Hoppe 
  To: mailscanner at 
  Sent: Tuesday, March 21, 2006 10:56 AM
  Subject: How do I block a domain from the recieved portion of headers

  A virus on a users machine from an outside domain keeps sending email to a user on my domain. MailScanner is detecting the virus and removing it. But the problem is that I get these emails atleast once an hour. It always comes from the same place. It disguises itself as though the email comes from my domain, but the full headers shows it comes from another domain. For example:

Full headers are:  Return-Path: <g> Received: from ( [])

  My domain is named I am not on RoadRunner so the address above is where its originating from. 

  What's the best way to go about blocking this domain or sub-domain so that I stop receiving the notices of detected virus emails from MailScanner. 



  MailScanner mailing list
  mailscanner at

  Before posting, read

  Support MailScanner development - buy the book off the website! 
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list