A local Domain is being used to send spam to the server
Posted by - NA -, Last modified by on 05 December 2008 01:43 PM
An increasingly common way for senders to send spam is to use the recipients domain name, or e-mail address as the FROM address
If you are receiving e-mails that are bypassing the Anti-spam engine, as shown in the anti-spam logs, there is a way to stop this behavior from happening.
***.***.***.*** [133C] 11:27:17 KFF48416 '<email@example.com>' '<firstname.lastname@example.org>' 1 score 0.00 reason [Bypass=Q] action NONE
Open up the Icewarp Administration Console and navigate to Mail > Security > General Tab and check the following option:
'Reject if originators domain is local and not authorized'
Once this option is checked, only accounts that have authenticated to the server in some fashion will be able to send to your server using a local domain address. Authentication must happen in one of the following ways:
These forms of authentication will allow legitimate users to still use the system properly.
Third Party SMTP servers
If the accounts on your server are using third party SMTP servers to send e-mail(their ISP's block access on port 25 for outgoing e-mail), there are a couple of other options you can try.