ecasarero at gmail.com
Thu Aug 20 18:22:20 IST 2009
2009/8/20 Kevin Miller <Kevin_Miller at ci.juneau.ak.us>
> I'm being bombarded with a ton of spam that claims to be from localhost
> (but the IP isn't in the 127. range). They are false NDRs, bouncing off of
> foreign servers. A large number of my users are being joe-jobbed, and the
> remote servers send the NDRs here. Here's a couple of examples from the the
> mail log:
> Aug 20 06:32:30 mx2 sendmail-in: n7KEVnN7025703: from=<
> qvmanifestation at grahamevinson.com>, size=0, class=0, nrcpts=0,
> proto=ESMTP, daemon=MTA, relay=localhost [22.214.171.124] (may be forged)
> Aug 20 07:34:33 mx2 sendmail-in: n7KFYJdI029611: from=<
> kzmatrimony at ivory.plala.or.jp>, size=0, class=0, nrcpts=0, proto=ESMTP,
> daemon=MTA, relay=localhost [126.96.36.199] (may be forged)
> I'd really like to be able to block them at the MTA level, but barring
> that, a spamassassin rule would do nicely. Anybody have a rule available
> that would fit the bill? There are too many sources to try to blacklist -
> I'd be playing whack-a-mole all day long.
do you use greylisting?
> (I've been on vacation the past few weeks, so if this has been discussed
> please let me know the subject line.)
> Kevin Miller Registered Linux User No: 307357
> CBJ MIS Dept. Network Systems Admin., Mail Admin.
> 155 South Seward Street ph: (907) 586-0242
> Juneau, Alaska 99801 fax: (907 586-4500 --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the MailScanner