[Mimedefang] bounce mail based on To: domain

Ashley M. Kirchner ashley at pcraft.com
Sun Sep 29 20:34:01 EDT 2002

    SpamAssassin did not tag this:

Return-Path: <remove at biggerbreastsnow.com>
Received: from serpico.pcraft.com (serpico.pcraft.com [])
        by users.pcraft.com (8.11.6/8.11.6-mx1) with ESMTP id g8TD8Da01208
        for <a_user at pcraft.com>; Sun, 29 Sep 2002 07:08:14 -0600
Received: from ([])
        by serpico.pcraft.com (8.12.6/8.12.6) with SMTP id g8TDDE2f028938
        for <a_user at pcraft.com>; Sun, 29 Sep 2002 07:13:19 -0600
Message-Id: <200209291313.g8TDDE2f028938 at serpico.pcraft.com>
From: Amanda <remove at biggerbreastsnow.com>
To: Ezine at serpico.pcraft.com
Subject: ~~~~~Naturally Increase Breast Size - Guaranteed!~~~~~~ uwpnt
Sender: Amanda <remove at biggerbreastsnow.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_1033305200-20349-150"
Date: Sun, 29 Sep 2002 08:59:16 -0700
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-Priority: 1
X-Scanned-By: MIMEDefang 2.21 (www . roaringpenguin . com / mimedefang)

    As you can see, the To: field has a totally invalid address (as far as our users go), in fact, serpico is a mail gateway (it's the system running MD/SA), so no one should ever email us using that specific hostname/domain combination.  How can I block this all together?  I'm seeing more and more SPAM arriving at <some_address>@serpico.pcraft.com - which is just a fake header because the email was really intended for a user on our domain (as the example above illustrates.)

H | "Life is the art of drawing without an eraser." - John Gardner
  Ashley M. Kirchner <mailto:ashley at pcraft.com>   .   303.442.6410 x130
  Director of Internet Operations / SysAdmin    .     800.441.3873 x130
  Photo Craft Laboratories, Inc.            .     3550 Arapahoe Ave, #6
  http://www.pcraft.com ..... .  .    .       Boulder, CO 80303, U.S.A.

More information about the MIMEDefang mailing list