A local domain is being used to send spam to the server
Posted on 01 August 2012 01:37 PM

An increasingly common way for senders to send spam is to use the recipient's domain name or e-mail address as the FROM address in the sent e-mail. Because the sender appears to be a local domain account, this bypasses most anti-spam filtering techniques.

If you are receiving e-mails that bypass the anti-spam engine, as shown in the anti-spam log line below, there is a way to stop this behavior.

***.***.***.*** [133C] 11:27:17 KFF48416 '<recipient@mydomain.com>' '<recipient@mydomain.com>' 1 score 0.00 reason [Bypass=Q] action NONE

Open the IceWarp Console, go to [Mail service] [Security] [General Tab], and check the option:

'reject if originators domain is local and not authorized'.

Once this option is checked, only accounts that have authenticated to the server in some fashion will be able to send to your server using a local domain address. Authentication must happen in one of the following ways: POP before SMTP, Trusted IP/Host, or SMTP Authentication. These forms of authentication allow legitimate users to keep using the system properly.
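To find messages like the logged one above in bulk, the anti-spam log can be scanned for bypassed mail whose sender claims a local domain. The following Python script is an added example, not IceWarp code: the field layout is inferred from the single log line on this page, the sample lines are constructed, and the function names are hypothetical.

```python
import re

# Field layout inferred from the one sample line on this page (assumption):
# ip [thread] time msgid '<sender>' '<recipient>' count score N reason [..] action X
LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+\[(?P<thread>\w+)\]\s+(?P<time>\d\d:\d\d:\d\d)\s+(?P<msgid>\S+)\s+"
    r"'<(?P<sender>[^>]*)>'\s+'<(?P<rcpt>[^>]*)>'\s+\d+\s+"
    r"score\s+(?P<score>[\d.]+)\s+reason\s+\[(?P<reason>[^\]]*)\]\s+action\s+(?P<action>\S+)"
)

def domain_of(addr):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def find_local_sender_bypasses(lines, local_domains):
    """Return bypassed messages whose sender address is in a local domain."""
    local = {d.lower() for d in local_domains}
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or "Bypass=" not in m["reason"]:
            continue  # unparsable line, or the message was actually scanned
        if domain_of(m["sender"]) in local:
            hits.append({
                "ip": m["ip"], "time": m["time"], "msgid": m["msgid"],
                "sender": m["sender"], "rcpt": m["rcpt"],
                # sender == recipient is the pattern shown in the article's log line
                "self_addressed": m["sender"].lower() == m["rcpt"].lower(),
            })
    return hits

# Constructed sample lines (documentation IPs); only the first mirrors the article.
SAMPLE_LOG = [
    "192.0.2.10 [133C] 11:27:17 KFF48416 '<recipient@mydomain.com>' '<recipient@mydomain.com>' 1 score 0.00 reason [Bypass=Q] action NONE",
    "192.0.2.11 [1340] 11:28:02 KFF48417 '<sales@mydomain.com>' '<recipient@mydomain.com>' 1 score 0.00 reason [Bypass=Q] action NONE",
    "198.51.100.7 [1344] 11:29:40 KFF48418 '<news@example.org>' '<recipient@mydomain.com>' 1 score 0.00 reason [Bypass=Q] action NONE",
    "this line does not follow the expected layout",
]

if __name__ == "__main__":
    for hit in find_local_sender_bypasses(SAMPLE_LOG, ["mydomain.com"]):
        print(hit["time"], hit["ip"], hit["msgid"], hit["sender"], "->", hit["rcpt"],
              "(self-addressed)" if hit["self_addressed"] else "")
```

The log line does not show whether the session was authenticated, so hits include legitimate local users; compare the source IPs against known clients and trusted hosts before treating a hit as forged mail.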

Third Party SMTP servers

If the accounts on your server are using third-party SMTP servers to send e-mail (their ISPs block access on port 25 for outgoing e-mail), there are a couple of other options you can try.

1- Have the clients connect to the IceWarp SMTP server on an alternate port. By default IceWarp allows SMTP connections on port 366. This setting can be changed by going to [System] [Services] [SMTP service properties] and changing the alternate port to a port designated by the System Administrator. (Any firewalls would need to be configured for this.)

2- Change the way the Auto White list functions.

Open IceWarp, go to [Anti-spam] [Black/White list] [White list], and remove all of the Advanced options for white listing. Those auto white list functions affect which incoming e-mail gets scanned by the anti-spam engine.