Allow in legitimate email that's commonly spammed
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
Allow in legitimate email that's commonly spammed - 13.Jun.2008 7:05:06 AM
|
|
|
Popolou
Posts: 67
Joined: 14.Apr.2004
Status: offline
|
Hey all,
Does anyone have a quick solution on how i can allow in email from a domain that is often used for spam attacks?
For example, whitelisting the MIME From: domain for our clients (a large bank) is having the secondary effect of allowing spam messages with malformed headers. I've sent a request for their MX server IP's, but in the meantime i would like an alternative method that would allow mail in from them yet still block out the UCE.
The SMTP From: is rarely used, but i assume it would work in this case?
Cheers,
Pop
|
|
|
|
|
RE: Allow in legitimate email that's commonly spammed - 16.Jun.2008 9:56:44 AM
|
|
|
josephdebono
Posts: 14
Joined: 24.Sep.2007
Status: offline
|
Hi there,
If I understood correctly, your clients' addresses are being spoofed and emails seem to be received from these clients. If that is the case it might be a bit of a problem because whitelisting the client's email address or domain would immediatly whitelist the email and prevent it from being scanned. What I may suggest is that you perhaps increase the priority of some of the modules such as DNS blacklist so that the IPs are scanned before the email is whitelisted.
Another options would be to remove the address/domain from the email whitelist and add the MX server of the client to the IP whitelist. To find out which IPs are to whitelisted you may either check the received lines within the headers of your emails or use nslookup.exe.
Start -> Run -> nslookup
Type: Set query=mx
Type the domain name of your client
It should return all the MX records of your client's domain.
I hope this helps. Feel free to let me know if you have any more problems.
_____________________________
Regards,
Joseph DeBono
GFI Software Ltd - www.gfi.com
Messaging, Content Security & Network Security Software
GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor
|
|
|
|
|
RE: Allow in legitimate email that's commonly spammed - 17.Jun.2008 11:32:47 AM
|
|
|
Popolou
Posts: 67
Joined: 14.Apr.2004
Status: offline
|
Hi there,
Thanks for your post.
Yes, our plan was to get the IP's so that we can get round this issue. However, in the meantime, would whitelisting via SMTP From: as opposed to MIME From: allow in mail from the legitimate sender while filtering the illegitimate as spam?
Regards
Pop
|
|
|
|
|
RE: Allow in legitimate email that's commonly spammed - 18.Jun.2008 3:37:16 AM
|
|
|
josephdebono
Posts: 14
Joined: 24.Sep.2007
Status: offline
|
Hi again,
Unfortunately the 'SMTP from:' can be spoofed as well but you may give it a try and see how it goes. Enabling SPF may be useful in your case as well if your clients' mail servers are correctly set up.
_____________________________
Regards,
Joseph DeBono
GFI Software Ltd - www.gfi.com
Messaging, Content Security & Network Security Software
GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
