Spam with sender from own domain

martijngroenen
Level 1

I have a problem at a customer of mine where I have installed a Cisco Spam & Virus Blocker, and the blocker stops most of the spam messages. But the users get spam messages where the sender is from an internal domain, and when I looked at the message details I saw that they come from outside. So it looks like someone is spoofing the sender. Because the mails are spam I want to stop this, but I don't know how I can configure this or how this is possible. Can someone help me with this problem?

3 Replies

bethingt
Level 1

You will need to look at the mail logs and look at the ICID and see where the mail is coming from. The Blocker will do a reverse DNS lookup on all mail, so the original IP address will be within the ICID. A few things to look at when dealing with spam:

1. Make sure the mail is going through the Blocker.
2. Did the mail get scanned by the spam engine? (There is a size limitation on all scans; it may have exceeded that size limit.)
3. If the Blocker did classify it as clean mail, you can send the mail as an attachment (it needs to be the original piece of mail saved as an attachment, because if you forward the mail it loses header information) to spam@access.ironport.com. There they will review the mail and, if needed, make adjustments to the spam engines.

Hope this helps!!

Brian
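
The log check described in the reply above, as an added example that is not part of the original thread: it pairs each connection (ICID) with the envelope sender of its messages (MID) and lists mail that claims an internal domain but arrived from an outside address. The log lines are constructed and their layout is an assumption modelled on IronPort-style text mail logs; `example.com` and the `10.0.0.0/8` range are placeholders for the customer's own domain and networks.

```python
import ipaddress
import re

# Assumptions for this example: the customer's mail domain and the address
# ranges that are allowed to submit mail using that domain.
INTERNAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]

# Constructed sample lines; the layout is an assumption modelled on
# IronPort-style text mail logs (ICID = connection, MID = message).
SAMPLE_LOG = """\
Mon Mar 02 09:14:01 2009 Info: New SMTP ICID 501 interface Data1 (10.0.0.5) address 10.0.0.20 reverse dns host mail.example.com verified yes
Mon Mar 02 09:14:02 2009 Info: Start MID 9001 ICID 501
Mon Mar 02 09:14:02 2009 Info: MID 9001 ICID 501 From: <alice@example.com>
Mon Mar 02 09:15:10 2009 Info: New SMTP ICID 502 interface Data1 (10.0.0.5) address 203.0.113.77 reverse dns host unknown verified no
Mon Mar 02 09:15:11 2009 Info: Start MID 9002 ICID 502
Mon Mar 02 09:15:11 2009 Info: MID 9002 ICID 502 From: <bob@example.com>
Mon Mar 02 09:16:30 2009 Info: New SMTP ICID 503 interface Data1 (10.0.0.5) address 198.51.100.9 reverse dns host mx.example.net verified yes
Mon Mar 02 09:16:31 2009 Info: MID 9003 ICID 503 From: <carol@example.net>
"""

CONN_RE = re.compile(r"New SMTP ICID (\d+) .*? address (\S+) reverse dns host (\S+)")
FROM_RE = re.compile(r"MID (\d+) ICID (\d+) From: <([^>]*)>")


def find_spoofed(log_text):
    """Return (mid, icid, sender, remote_ip, rdns) for messages whose envelope
    sender uses an internal domain but whose connection came from outside."""
    conns = {}  # ICID -> (remote IP, reverse DNS host)
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if m:
            conns[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = FROM_RE.search(line)
        if not m or m.group(2) not in conns:
            continue  # not a sender line, or its connection was not logged
        mid, icid, sender = m.groups()
        domain = sender.rpartition("@")[2].lower()  # "" for a bounce (<>)
        ip, rdns = conns[icid]
        outside = not any(ipaddress.ip_address(ip) in n for n in INTERNAL_NETS)
        if domain in INTERNAL_DOMAINS and outside:
            hits.append((mid, icid, sender, ip, rdns))
    return hits


if __name__ == "__main__":
    for hit in find_spoofed(SAMPLE_LOG):
        print("MID %s ICID %s From %s via %s (rDNS %s)" % hit)
```

The remote address and reverse DNS host reported for each hit are the starting point for checking where the mail really came from and whether it passed through the Blocker at all.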

I will check the mail logs tomorrow and take a look at the ICID, but if I just set an SPF record, will this problem also stop?

A PTR record (reverse DNS) should be sufficient in most situations. That ICID will tell us a good bit. Headers showing the mail's transit would also be helpful in isolating the problem.