Hi Dan,
What we do for out store and forward customers is to lock down their
firewall to only accept port 25 traffic from our IPs. Instant end to the
end-around problem.
I moved a MX record about a week ago for a domain and I am still seeing
about 1000 messages per day still hitting the old IP address and 98% of
them are WEIGHT10 +
Goran Jovanovic
The LAN Shoppe
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:Declude.JunkMail-
> [EMAIL PROTECTED] On Behalf Of Dan Geiser
> Sent: Thursday, November 18, 2004 10:32 AM
> To: [EMAIL PROTECTED]
> Subject: [Declude.JunkMail] Interesting Spamming Technique
>
> Hello, All,
> In addition to doing spam filtering for some of our IMail hosting
> customers
> we also do Store and Forward filtering for a few domains. In the past
day
> or so I've had complaints from Store and Forward customers about an
> increase
> in spam. When I check the headers of the e-mail they are sending to
me I
> don't see any indication that they e-mail was routed through us and
NOT
> picked up as spam. Instead it looks like the mail was delivered
directly
> to
> their e-mail servers and did the end around our Store and Forward.
The
> thing is I have no idea how the spammer even knew the direct IP
addresses
> of
> our customers because those don't show up anywhere in their DNS
records.
> Although I guess they could just be running port scans and checking
for
> responses on port 25 and attempting delivery of spam that way without
> using
> DNS lookups. But part of the IMail Store and Forward documentation
> involves
> locking down the SMTP server to only accept e-mail of the relaying IP
> address. I'm 99% sure that we had the customers lock down their
incoming
> e-mail to only accept connections from us but I need to confirm that.
In
> the meantime has anyone noticed an increase in this direct delivery
method
> which basically ignores the current DNS system?
>
> Thanks In Advance,
> Dan Geiser
> [EMAIL PROTECTED]
>
>
>
-----------------------------------------------------------------------
> Sign up for virus-free and spam-free e-mail with Nexus Technology
Group
> http://www.nexustechgroup.com/mailscan
>
> ---
> [This E-mail was scanned for viruses by Declude Virus
> (http://www.declude.com)]
>
> ---
> This E-mail came from the Declude.JunkMail mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.JunkMail". The archives can be found
> at http://www.mail-archive.com.
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
