Problems with spam getting around a filter.

By faradhi
I am working with a friend who is using Postfix on a RHEL3 server. He has iptables blocking port 25 traffic from everywhere except his anti-spam service. He is still receiving mail that reports in the email header that it is coming from other IP addresses.

I have looked at the mail log and it is only reporting connections from the spam service's IPs.

So my working theory is that the IP is being spoofed and the headers are wrong. Is this possible? Any suggestions on how to prove this theory?


Well, it's gotta get there somehow....

by robo_dev In reply to Problems with spam gettin ...

The way to prove it is to implement an ingress filter to block any packet that originates from inside your domain.

Use tcpdump or similar protocol analysis tool to observe IP spoofing....


A little late getting back to you

by faradhi In reply to Well, it's gotta get ther ...

Thanks robo, I do not think it is spoofing but now have no idea what the **** is going on.

I am still chewing it and maybe I will stumble across something. If you have any other suggestions on how to track this problem down, please let me know.
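
An added example, not part of the thread: each mail server prepends its own Received header, so only the hop stamped by the local Postfix host records the peer that actually connected on port 25, and hops below it are whatever upstream hosts reported. This Python script separates the two for one message; the hostname, relay range and sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Assumptions (not from the thread): local MTA name and the filtering service's range.
LOCAL_MTA = "mail.example.org"
ALLOWED_RELAYS = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample message. The newest Received header is at the top.
SAMPLE = """\
Received: from filter1.antispam.example (filter1.antispam.example [192.0.2.5])
\tby mail.example.org (Postfix) with ESMTP id 4F2A1C0DE
\tfor <user@example.org>; Mon, 6 Mar 2006 10:15:02 -0500 (EST)
Received: from unknown (HELO pc17) (203.0.113.77)
\tby filter1.antispam.example with SMTP; Mon, 6 Mar 2006 10:14:58 -0500
Received: from [198.51.100.9] by pc17 with SMTP; Mon, 6 Mar 2006 10:14:50 -0500
From: someone@example.net
To: user@example.org
Subject: constructed test message

body
"""

def parse_hop(value):
    """Return (client_ip, by_host) from one Received header value."""
    flat = " ".join(value.split())          # unfold continuation lines
    from_part, _, rest = flat.partition(" by ")
    ip = re.search(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", from_part)
    by_host = rest.split()[0] if rest else None
    return (ip.group(1) if ip else None, by_host)

def trace(raw):
    msg = email.message_from_string(raw)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]
    # Headers are prepended, so the first hop stamped by our MTA is the real SMTP peer.
    local = next((h for h in hops if h[1] == LOCAL_MTA), None)
    peer = local[0] if local else None
    allowed = peer is not None and any(ipaddress.ip_address(peer) in n for n in ALLOWED_RELAYS)
    # Everything below that hop was written upstream and is not verified locally.
    upstream = [h[0] for h in hops[hops.index(local) + 1:]] if local else []
    return {"peer": peer, "peer_allowed": allowed, "upstream_claimed": upstream}

if __name__ == "__main__":
    print(trace(SAMPLE))
```

The `peer` value is the one to compare against the connection lines in the mail log and the iptables allow rule; the `upstream_claimed` addresses never touched the local server directly.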

