On Sat, 2003-10-25 at 21:51, Will Trillich wrote: > we've had a "[EMAIL PROTECTED]" alias for a while, and now > it's killing us. every six to eight minutes we get a new email > which pretends it's from "@nei-group.com" and it contains > microso~1 html with a FIVE MEG excel file attached. > > every few minutes! over and over again. > > i've got each user set up with a .forward that includes > > if $return_path contains "@nei-group" then > seen > finish > endif > > this at least keeps the partition from overflowing from incoming > crap, but our bandwidth is still being eaten alive to the tune of > 5mb (an excel file, purportedly) every few minutes.
If it's coming in directly via an MTA (instead of you fetching from a pop server), is there any way to block these emails at the source? Seems like you'd have to get the sending MTA to to the blocking. > this is probably something i need to configure in exim, right? In SA, couldn't you put @nei-group.com in your blacklist? > (interestingly, it contains some -- probably fake -- > spam-scanned headers, and spamassassin doesn't seem to be > scanning it; the logs show spam-scanned, but there's no > X-Spam-Level headers or any other spamassassin fingerprints on > it. odd!) Maybe SA doesn't think it's spam? -- ----------------------------------------------------------------- Ron Johnson, Jr. [EMAIL PROTECTED] Jefferson, LA USA "Vanity, my favorite sin." Larry/John/Satan, "The Devil's Advocate" -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
