A local Domain is being used to send spam to the server
Posted by - NA -, Last modified by on 05 December 2008 01:43 PM

AntiSpam

 

 

Introduction

An increasingly common way for senders to send spam is to use the recipients domain name, or e-mail address as the FROM address
in the sent e-mail. Since the sender is a local domain account this will bypass most anti-spam filtering techniques.

 

Solution

If you are receiving e-mails that are bypassing the Anti-spam engine, as shown in the anti-spam logs, there is a way to stop this behavior from happening.

***.***.***.*** [133C] 11:27:17 KFF48416 '<recipient@mydomain.com>' '<recipient@mydomain.com>' 1 score 0.00 reason [Bypass=Q] action NONE

Open up the Icewarp Administration Console and navigate to Mail > Security > General Tab and check the following option:

'Reject if originators domain is local and not authorized'



Once this option is checked, only accounts that have authenticated to the server in some fashion will be able to send to your server using a local domain address. Authentication must happen in one of the following ways:

  • POP before SMTP

  • Trusted IP/Host

  • SMTP Authentication

These forms of authentication will allow legitimate users to still use the system properly.

Third Party SMTP servers

If the accounts on your server are using third party SMTP servers to send e-mail(their ISP's block access on port 25 for outgoing e-mail), there are a couple of other options you can try.

  1. Have the clients connect to the Icewarp SMTP server on an alternate port. By default IceWarp allows SMTP connections on port 366. This setting can be changed this by going to System > Services > SMTP service > Properties and changing the alternate port to a port designated by the System Administrator. (Any firewalls would need to be configured for this)



  2. Change the way the Auto White List functions.


    Open up Icewarp and go to Anti-spam > Black & White List > White List tab and remove all of the Advanced options for white listing. Those auto white list functions will affect what incoming e-mail will get scanned by the anti-spam engine.