Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 3107 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Blocking domain to domain spam

edisoft
Let me explain.

We are receiving loads of email that supposedly comes from our domain but it doesn't, like someone sending email to himself.

example:

someone@somedomain.com to someone@somedomain.com

After analyzing headers the email came from some IP that doesn't have permission to send for our domain.
Shouldn't SFP catch those emails?

Anyway, adding "*@somedomain.com" to the black list is stopping the flood and seems that normal email are not affected by this.

Anyone thinks that this is a good way to stop this kind of spam?

Thanks.


This thread was automatically locked due to age.
Parents
  • 0
    Turn on BATV (Bounce Address Tag Validation) in your Astaro.
  • 0 in reply to edisoft
    BATV is already active


    My bad.  I misread your original message and thought you were getting e-mail that mimicked "bounced" messages from your own servers, not original messages.  I assume now that's not the case...

    SPF does a lookup to make sure the domain name and sending IP jive, but when it's your own domain name that it's coming from... Not sure about that one.

    Have you tried greylisting?  If it's commercial SPAM, that might resolve it.

    Or blacklisting - you'd have to test that one thoroughly - as you mentioned.

    Or, how about if they come from only a selected group of sources, can you setup packet filters to reject traffic from those IP's?
Reply
  • 0 in reply to edisoft
    BATV is already active


    My bad.  I misread your original message and thought you were getting e-mail that mimicked "bounced" messages from your own servers, not original messages.  I assume now that's not the case...

    SPF does a lookup to make sure the domain name and sending IP jive, but when it's your own domain name that it's coming from... Not sure about that one.

    Have you tried greylisting?  If it's commercial SPAM, that might resolve it.

    Or blacklisting - you'd have to test that one thoroughly - as you mentioned.

    Or, how about if they come from only a selected group of sources, can you setup packet filters to reject traffic from those IP's?
Children
  • 0 in reply to eganders_01
    I like your solution of blacklisting yourself, but you're right that your SPF record should handle this for you.  Are you sure that your SPF record is correct?  If you want to send me an email, I'd be glad to test it for you.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I'm considering trying this too....

    smtp blacklisting my own domain! I've tried greylisting, BATV and nothing seems to work, been fighting this for a while!!!!

    example:

    -----Original Message-----
    From: me@callfcu.org [mailto:me@mydomain.org]
    Sent: None
    To: me@mydomain.org
    Subject: Supersize your manhood today
    Importance: High


    I'd like to get supporting info, to help me decide.... anyone else done this??

    Thanks!
  • 0 in reply to Jlewiss
    Actually, now that I think about it, I wonder if you might have whitelisted your own domain.  I can't ever remember this being a problem even as far back as V3.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Cookie Information Banner