Re: spam settings (5mb "nei-group" email every few minutes!)
On Sat, 2003-10-25 at 21:51, Will Trillich wrote:
> we've had a "sales@serensoft.com" alias for a while, and now
> it's killing us. every six to eight minutes we get a new email
> which pretends it's from "@nei-group.com" and it contains
> microso~1 html with a FIVE MEG excel file attached.
>
> every few minutes! over and over again.
>
> i've got each user set up with a .forward that includes
>
> if $return_path contains "@nei-group" then
> seen
> finish
> endif
>
> this at least keeps the partition from overflowing from incoming
> crap, but our bandwidth is still being eaten alive to the tune of
> 5mb (an excel file, purportedly) every few minutes.
If it's coming in directly via an MTA (instead of you fetching
from a pop server), is there any way to block these emails at
the source? Seems like you'd have to get the sending MTA to
to the blocking.
> this is probably something i need to configure in exim, right?
In SA, couldn't you put @nei-group.com in your blacklist?
> (interestingly, it contains some -- probably fake --
> spam-scanned headers, and spamassassin doesn't seem to be
> scanning it; the logs show spam-scanned, but there's no
> X-Spam-Level headers or any other spamassassin fingerprints on
> it. odd!)
Maybe SA doesn't think it's spam?
--
-----------------------------------------------------------------
Ron Johnson, Jr. ron.l.johnson@cox.net
Jefferson, LA USA
"Vanity, my favorite sin."
Larry/John/Satan, "The Devil's Advocate"
Reply to: