Any chance of blocking these?

James Gray james at
Sun Jun 7 04:27:33 IST 2009

On 07/06/2009, at 6:52 AM, Ljósnet wrote:

> Hello, I have a small problem with few MS Exchange servers who are
> infected with some kind of virus/trojan. They are sending mail through
> my gateway which is fine, but I need to be able to stop them from
> sending mail which dont have any valid address in from=< > field until
> I get the system administrator to clean their server.
> In the maillog it looks like this:
> sendmail[12542]: n56Ki9EY012542: from=<>, size=23860, class=0,
> nrcpts=1, msgid=<fiplj8nhX00000e8f at>, proto=ESMTP,
> daemon=MTA, relay=[]
> Is it possible to somehow stop servers/clients from being able to send
> through my gateway when there is no valid from= address?

Looks like a bounce message to me; "From=<>" is what the MTA uses when  
it returns a message to the envelope sender to advise them of non- 
delivery (among other things).  You can certainly block them, but that  
would violate the RFC's.  A better solution would be to block the  
entire Exchange server until the admins clean up their act.  If a  
virus/trojan is spewing fake bounces (aka, "back-scatter spam" etc)  
then what's to say it wont start sending other malicious content??



More information about the MailScanner mailing list