Andy Pieters wrote:
Hi list
We have been receiving a lot of spam from the .jp tld lately. What's more is
this:
Received: from vlaamse-kern.com (pl027.nas934.d-osaka.nttpc.ne.jp
[61.197.82.27])
by giga.vlaamse-kern.com (8.13.1/8.13.1) with SMTP id jADFi1Wo028374
for [EMAIL PROTECTED]; Sun, 13 Nov 2005 16:44:02 +0100
Note that OUR domain is vlaamse-kern.com and that the sender pretends to be
vlaamse-kern.com as well!
You can add an SA rule, but it's easier to block this in the MTA. I
don't use SM, but in postfix, this amounts to creating a file containing
things like:
vlaamse-kern.com REJECT
.vlaamse-kern.com REJECT
and using that in a helo check (you can replace REJECT with a code+message, such as
"5xx Please be polite").
To do it later, you can set up a rule to catch the above in SA (postfix offers
header checks). But make sure to only catch the bad ones (not yours), so be as
precise as possible.
Other statistics:
From: =?iso-2022-jp?B?QVRTVVNISQ==?=<[EMAIL PROTECTED]>
From pretends to be hotmail but is not.
This is different. You can use SPF in general or only for some sites.
But you may want to accept mail with sender [EMAIL PROTECTED] when they don't
come from that domain. Forwarding is one case, but other cases are
possible. This is really a site-dependent decision.
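
The "catch only the bad ones, not yours" check from the reply above, as an added example that is not part of the original thread: it parses the Received line, matches the HELO name the way the two map entries do (the domain and its subdomains), and exempts clients inside our own networks. The network list and the second and third sample headers are constructed assumptions.

```python
import ipaddress
import re

# Assumptions: the domain is the one in the post; OUR_NETWORKS is a constructed
# stand-in (documentation range) for the hosts allowed to use that name.
OUR_DOMAINS = ("vlaamse-kern.com",)
OUR_NETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]

# Trace line as written in the post: "from <helo> (<reverse-dns> [<client-ip>])"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

def parse_received(header):
    """Return (helo, rdns, ip) from one Received header, or None if no match."""
    unfolded = re.sub(r"\r?\n[ \t]*", " ", header)  # undo header folding
    m = RECEIVED_RE.search(unfolded)
    return (m.group("helo"), m.group("rdns"), m.group("ip")) if m else None

def helo_claims_our_domain(helo):
    """Match the domain itself or a subdomain, never a mere suffix lookalike."""
    name = helo.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in OUR_DOMAINS)

def is_forged_helo(header):
    """True when an outside client announced itself under one of our names."""
    parsed = parse_received(header)
    if parsed is None:
        return False
    helo, _rdns, ip_text = parsed
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # unparseable address: leave it to other checks
    if any(ip in net for net in OUR_NETWORKS):
        return False  # our own hosts may use our name
    return helo_claims_our_domain(helo)

# First header is the one quoted in the post; the other two are constructed.
SPAM = ("Received: from vlaamse-kern.com (pl027.nas934.d-osaka.nttpc.ne.jp\n"
        " [61.197.82.27])\n by giga.vlaamse-kern.com (8.13.1/8.13.1) with SMTP")
OWN = "Received: from mail.vlaamse-kern.com (mail.vlaamse-kern.com [192.0.2.10])"
LOOKALIKE = "Received: from notvlaamse-kern.com (unknown [198.51.100.7])"

if __name__ == "__main__":
    for h in (SPAM, OWN, LOOKALIKE):
        print(is_forged_helo(h), parse_received(h))
```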