[Mimedefang] bounce mail based on To: domain
Ashley M. Kirchner
ashley at pcraft.com
Sun Sep 29 20:34:01 EDT 2002
SpamAssassin did not tag this:
==========
Return-Path: <remove at biggerbreastsnow.com>
Received: from serpico.pcraft.com (serpico.pcraft.com [204.144.132.162])
by users.pcraft.com (8.11.6/8.11.6-mx1) with ESMTP id g8TD8Da01208
for <a_user at pcraft.com>; Sun, 29 Sep 2002 07:08:14 -0600
Received: from 195.61.229.16 ([195.61.229.16])
by serpico.pcraft.com (8.12.6/8.12.6) with SMTP id g8TDDE2f028938
for <a_user at pcraft.com>; Sun, 29 Sep 2002 07:13:19 -0600
Message-Id: <200209291313.g8TDDE2f028938 at serpico.pcraft.com>
From: Amanda <remove at biggerbreastsnow.com>
To: Ezine at serpico.pcraft.com
Cc:
Subject: ~~~~~Naturally Increase Breast Size - Guaranteed!~~~~~~ uwpnt
Sender: Amanda <remove at biggerbreastsnow.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_1033305200-20349-150"
Date: Sun, 29 Sep 2002 08:59:16 -0700
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-Priority: 1
X-Scanned-By: MIMEDefang 2.21 (www . roaringpenguin . com / mimedefang)
==========
As you can see, the To: field has a totally invalid address (as far as our users go), in fact, serpico is a mail gateway (it's the system running MD/SA), so no one should ever email us using that specific hostname/domain combination. How can I block this all together? I'm seeing more and more SPAM arriving at <some_address>@serpico.pcraft.com - which is just a fake header because the email was really intended for a user on our domain (as the example above illustrates.)
--
H | "Life is the art of drawing without an eraser." - John Gardner
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley at pcraft.com> . 303.442.6410 x130
Director of Internet Operations / SysAdmin . 800.441.3873 x130
Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave, #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
More information about the MIMEDefang
mailing list