what am I dealing with here?

Mark Sapiro mark at msapiro.net
Tue Apr 1 01:37:30 IST 2008


On Mon, Mar 31, 2008 at 05:14:39PM -0500, admin at lctn.org wrote:
> As long as kms.k12.mn.us has even just an A record in DNS, it will 
> get spam directed to that address. 
> 
> Removing the 10 kms.k12.mn.us MX might help, but probably not 
> completely. 
> 
> All our schools configure their firewall, so they only receive mail from our mailscanner. We leave the MX record in place, in case our server goes down, so they will still get their mail by removing the rule.


It seems I misunderstood?  I thought you said in your original post that the
connect to kms.k12.mn.us was from a Venezuelan IP. You didn't show any
Received: headers after the alleged connect from
n75.bullet.mail.sp1.yahoo.com [98.136.44.51] to relay-4.lctn.org, so
I don't see that, and maybe I got it wrong.

Now that I look more closely, it seems that the Venezuelan IP was the
possible original source of the message which then passed through some
Yahoo servers to you.

So if your question was how to give this message a higher score, I
defer to Julian's response at
<http://lists.mailscanner.info/pipermail/mailscanner/2008-March/083478.html>.

-- 
Mark Sapiro mark at msapiro net       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

