1. This forum is read-only and considered to be an Archive. Please utilize the SmarterTools Community for future interaction and posts.

Need tips for stopping excessive spam

Discussion in 'SmarterMail' started by jslucido, Dec 11, 2008.

  1. jslucido

    jslucido New Member

    We are having an excessive amount of spam messages hit our mail server (SmarterMail 5.1) over the past week or so (nothing new there), however they are never being routed to SpamAssassin since the sender's email address is the same as the receipt's address. To clarify this point, here is the header from one of the spam messages:
    Return-Path: <jeff@xyzmanuf.com>
    Received: from 42-125.127-70.tampabay.res.rr.com [70.127.125.42] by rcs02.xyzmanuf.local with SMTP;
    Thu, 11 Dec 2008 14:37:05 -0600
    To: <jeff@xyzmanuf.com>
    Subject: Re: Order status
    From: <jeff@xyzmanuf.com>
    MIME-Version: 1.0
    Content-Type: text/html
    X-SmarterMail-Spam: SPF_None
    X-SmarterMail-TotalSpamWeight: 0 (Intra-Domain)

    You can see the message clearly comes from an external source, however the spam weight given to the message is zero since SmarterMail thinks the message is an internal message. The messages are really getting annoying and he who holds the purse strings wants it to stop. Unfortunately I am up against a wall here. Does anyone have any recommendations (outside of the obvious additional software/hardware) on how I can get this to stop with the SmarterMail app. I already have installed?
    Thanks for the help!
  2. jill

    jill New Member

    You might try adding at least one rbl. The specific ip you listed is blacklisted just about everywhere. I can recommend zen.spamhaus.org from personal experience.
  3. rchisholm

    rchisholm Member

    Make sure you don't have Disable spam filtering on intra-domain email checked under the options under Antispam Administration. Also, make sure they don't have their own email address in their address book or trusted senders. Any of these things will cause this type of spam to come straight through.
  4. Scotter

    Scotter New Member

    I'm having the same problems.

    In trusted senders I do not have my own email address. I do have my domain name. However: (a) I've added the "trusted senders" content rule AFTER a rule that looks for email from "me" and deletes those emails. When creating this content rule to look for email from "fake me", I created two different rules. One looks for "from specific addresses" under "from address" and the other rule looks for "from address" under "contains specific words or phrases". I made sure these two rules are ABOVE the "trusted senders" rule. Yet, these spams are still getting through.

    Another, possibly related question: Are these content rules case sensitive?
  5. rchisholm

    rchisholm Member

    Your domain name in your trusted senders is doing it. Take that out, make sure you have SPF set up correctly, and use a couple good RBL's and your problem will go away as long as you don't disable intra-domain checking.
  6. Scotter

    Scotter New Member

    Thanks! One question. Can you please explain what you mean by this: "don't disable intra-domain checking"
  7. rchisholm

    rchisholm Member

    You have to be logged in as the server admin. It's under the options under Antispam Administration. If it is checked, the server will skip the spam checks on email claiming to be from the same domain.
  8. Scotter

    Scotter New Member

    Aha. I see I should have worded it this way: Does "intra-domain checking" *verify* the domain of where an email claims to have come from? And by your answer above, it sounds like it does not. This makes sense. Thanks!