<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2802" name=GENERATOR>
<STYLE>@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in 1.25in; }
P.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
LI.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
DIV.MsoNormal {
FONT-SIZE: 12pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Times New Roman"
}
A:link {
COLOR: blue; TEXT-DECORATION: underline
}
SPAN.MsoHyperlink {
COLOR: blue; TEXT-DECORATION: underline
}
A:visited {
COLOR: #606420; TEXT-DECORATION: underline
}
SPAN.MsoHyperlinkFollowed {
COLOR: #606420; TEXT-DECORATION: underline
}
PRE {
FONT-SIZE: 10pt; MARGIN: 0in 0in 0pt; FONT-FAMILY: "Courier New"
}
TT {
FONT-FAMILY: "Courier New"
}
SPAN.EmailStyle17 {
COLOR: windowtext; FONT-FAMILY: Arial
}
DIV.Section1 {
page: Section1
}
</STYLE>
</HEAD>
<BODY lang=EN-US vLink=#606420 link=blue bgColor=#ffffff>
<DIV><FONT face=Arial size=2>I would say the best way is, in order of
preference, is:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Block the sending IP at a firewall</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Block the sending IP in your MTA</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Block the sending IP in your spam.blacklist
rules</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>There are probably a lot more, but these are just
the ones I usually use. The preference is based on resources your system would
use.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Steve Campbell<BR><A
href="mailto:campbell@cnpapers.com">campbell@cnpapers.com</A><BR>Charleston
Newspapers<BR></FONT></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=bhoppe@ti.com href="mailto:bhoppe@ti.com">Brandon Hoppe</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=mailscanner@lists.mailscanner.info
href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Tuesday, March 21, 2006 10:56
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> How do I block a domain from the
recieved portion of headers</DIV>
<DIV><BR></DIV>
<DIV class=Section1>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">A virus on a users machine from an
outside domain keeps sending email to a user on my domain. MailScanner is
detecting the virus and removing it. But the problem is that I get these
emails atleast once an hour. It always comes from the same place. It disguises
itself as though the email comes from my domain, but the full headers shows it
comes from another domain. For example:</SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P><PRE><TT><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt">Full headers are:</SPAN></FONT></TT></PRE><PRE><TT><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt"> </SPAN></FONT></TT></PRE><PRE><TT><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt"> Return-Path: <g></SPAN></FONT></TT></PRE><PRE><TT><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt"> Received: from test-domain.com (cpe-24-170-49-168.stx.res.rr.com </SPAN></FONT></TT></PRE><PRE><TT><FONT face="Courier New" size=2><SPAN style="FONT-SIZE: 10pt">[24.170.49.168])</SPAN></FONT></TT></PRE>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">My domain is named
test-domain.com. I am not on RoadRunner so the rr.com address above is where
its originating from. </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Whats the best way to go about
blocking this domain or sub-domain so that I stop receiving the notices of
detected virus emails from MailScanner. </SPAN></FONT></P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"></SPAN></FONT> </P>
<P class=MsoNormal><FONT face=Arial size=2><SPAN
style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks.</SPAN></FONT></P></DIV>
<P>
<HR>
<P></P>
<DIV>-- <BR>MailScanner mailing
list<BR>mailscanner@lists.mailscanner.info<BR>http://lists.mailscanner.info/mailman/listinfo/mailscanner<BR><BR>Before
posting, read http://wiki.mailscanner.info/posting<BR><BR>Support MailScanner
development - buy the book off the website!
<BR></DIV></BLOCKQUOTE></BODY></HTML>