First, I hope I'm posting a reply back. I'll try to explain better, since I cannot find the log I need to post.

The spam comes from any place. Mostly just foreign IP numbers. Yeah, we could block the IP numbers, but they change. We also use Postini, and to my surprise it even shows up through them. This problem does not last more than 2 weeks, if that. For instance, on Postini it came in for about two weeks. Not every day. Then I assume Postini or whoever fixes it or kicks the spammer off-line. I went a month and a half one time with no extra junk. Then it returned. All I see is a person connecting up. Dropping a message via an IP number. With or without a spoofed address. Then it goes through the system and is sent back out to like 30 recipients. These messages are pretty harmless too. Sometimes not even a link. Just a stupid message. For example, last night I had somebody go over 20 (that is our number) and we are okay since it was blocked. Then what we get back is from other email servers saying connection timed out or user does not exist, etc., etc. I figured either my main.cf file is allowing an open relay that my testing is not picking up, or I'm already doing everything I can to fight this type of spam. Yes, we even put in more firewall rules and that helped too. I did find one other person having this issue with Postini in general. The answer they got was to turn on autocreate and add all valid users to the Postini database. The problem is this costs money for each user address, and I cannot believe this is the only answer. I admit I might have configured something incorrectly even though it worked for more than a year.

On the other problem: we still get email that is to/from the same person and it is not from our system. I found a page that said if you added something it will check to see that the to/from is not from your IP number and kill the message. But I cannot find that info. Even though the IP number can be spoofed, most of what I see is not. When you look at the message, just the to/from address matches up. The IP does not.

Thanks,

Josh
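
The two patterns described in the message above (mail whose sender and recipient are the same local address while the connecting IP is foreign, and messages that go over the 20-recipient limit), as an added log-triage example that is not part of the original post. The domain, the network ranges and the log lines are constructed assumptions; this only reports on logs and is not the Postfix setting the poster is looking for.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed values, not from the post: our domain and our own sending networks.
LOCAL_DOMAIN = "example.com"
MY_NETWORKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "127.0.0.0/8")]
MAX_RCPT = 20  # the recipient limit the post mentions
# Constructed sample lines in the usual Postfix syslog layout.
SAMPLE_LOG = """\
Jan 10 02:11:01 mx postfix/smtpd[811]: A1B2C3: client=unknown[203.0.113.77]
Jan 10 02:11:01 mx postfix/qmgr[402]: A1B2C3: from=<amy@example.com>, size=912, nrcpt=1 (queue active)
Jan 10 02:11:02 mx postfix/local[830]: A1B2C3: to=<amy@example.com>, relay=local, status=sent (delivered)
Jan 10 02:15:40 mx postfix/smtpd[811]: D4E5F6: client=pc7.example.com[192.0.2.15]
Jan 10 02:15:40 mx postfix/qmgr[402]: D4E5F6: from=<bob@example.com>, size=700, nrcpt=1 (queue active)
Jan 10 02:15:41 mx postfix/local[830]: D4E5F6: to=<bob@example.com>, relay=local, status=sent (delivered)
Jan 10 03:02:09 mx postfix/smtpd[811]: 0A9B8C: client=unknown[198.51.100.9]
Jan 10 03:02:09 mx postfix/qmgr[402]: 0A9B8C: from=<x@spam.invalid>, size=450, nrcpt=30 (queue active)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): (.*)")
FIELDS = {"client": r"client=\S*\[([0-9a-fA-F.:]+)\]", "from": r"from=<([^>]*)>",
          "to": r"to=<([^>]*)>", "nrcpt": r"nrcpt=(\d+)"}

def analyse(log_text):
    """Return {queue_id: [findings]} for messages submitted from outside MY_NETWORKS."""
    msgs = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m:  # group the fields of every log line by queue id
            for key, rx in FIELDS.items():
                msgs[m.group(1)][key].update(h.lower() for h in re.findall(rx, m.group(2)))
    findings = {}
    for qid, msg in msgs.items():
        ips = [ipaddress.ip_address(ip) for ip in msg["client"]]
        if not ips or any(ip in net for ip in ips for net in MY_NETWORKS):
            continue  # submitted from our own network, or client not logged
        notes = []
        # Sender claims our domain and is also a recipient, yet the client is foreign.
        if any(s.endswith("@" + LOCAL_DOMAIN) and s in msg["to"] for s in msg["from"]):
            notes.append("self-addressed from outside network")
        if any(int(n) > MAX_RCPT for n in msg["nrcpt"]):
            notes.append("recipient count over limit")
        if notes:
            findings[qid] = notes
    return findings

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The same self-addressed message sent from inside the assumed network (queue id D4E5F6 in the sample) is not reported, which matches the distinction the message draws between the address matching and the IP not matching.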

