[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: spam settings (5mb "nei-group" email every few minutes!)

On Sat, 2003-10-25 at 21:51, Will Trillich wrote:
> we've had a "sales@serensoft.com" alias for a while, and now
> it's killing us. every six to eight minutes we get a new email
> which pretends it's from "@nei-group.com" and it contains
> microso~1 html with a FIVE MEG excel file attached.
> every few minutes! over and over again.
> i've got each user set up with a .forward that includes
> 	if $return_path contains "@nei-group" then
> 		seen
> 		finish
> 	endif
> this at least keeps the partition from overflowing from incoming
> crap, but our bandwidth is still being eaten alive to the tune of
> 5mb (an excel file, purportedly) every few minutes.

If it's coming in directly via an MTA (instead of you fetching
from a pop server), is there any way to block these emails at
the source?  Seems like you'd have to get the sending MTA to
to the blocking.

> this is probably something i need to configure in exim, right?

In SA, couldn't you put @nei-group.com in your blacklist?

> (interestingly, it contains some -- probably fake --
> spam-scanned headers, and spamassassin doesn't seem to be
> scanning it; the logs show spam-scanned, but there's no
> X-Spam-Level headers or any other spamassassin fingerprints on
> it. odd!)

Maybe SA doesn't think it's spam?

Ron Johnson, Jr. ron.l.johnson@cox.net
Jefferson, LA USA

"Vanity, my favorite sin."
Larry/John/Satan, "The Devil's Advocate"

Reply to: