what am I dealing with here?
Mark Sapiro
mark at msapiro.net
Mon Mar 31 22:17:05 IST 2008
On Mon, Mar 31, 2008 at 10:53:29AM -0500, admin at lctn.org wrote:
> I got a call from a school we scan mail for, complaining they are getting some inappropriate email, which is sailing through our scanner with a very low score.
>
> I found the message shows it is being delivered by some other server from Venezuela, with our relay server listed second from the bottom. The header is not showing accurate information either on some of the messages, as far as To, and From
That's probably all forged. The MXs listed for kms.k12.mn.us are
10 kms.k12.mn.us
5 relay-2.lctn.org
Any spammer can concoct a message with whatever bogus Received: headers
they like and send it directly to kms.k12.mn.us and bypass you entirely.
If I could tell you how to stop that, I'd be famous as the person who
saved email from the spammers.
As long as kms.k12.mn.us has even just an A record in DNS, it will
get spam directed to that address.
Removing the 10 kms.k12.mn.us MX might help, but probably not
completely.
--
Mark Sapiro mark at msapiro net The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list