Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 845 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Spam mail notification recurrence

johnmunyi
Hi Guys, am on ASG 7.509 and this is thesecond time am noticing this issue, under the mail manager SMTP log am getting this notification of a rejected:spam mail from the same email address to a specific email address that i host repeatedly almost twice in a single minute.

the most amazing thing is that this mail appears to have been rejected since 3rd of Feb 2011 and is appearing in 374 pages of my SMTP log.

Kindly help, this is quite abnormal because no user can send emails in such frequency of like 2 every minutes. is this a real spam or ASg is reporting hoaxes.[:(]


This thread was automatically locked due to age.
  • 0
    Sounds like an attack by a spambot.  Why not create a DNAT to null route all traffic from that IP to a non-existant IP.  You have to use a DNAT instead of a Static route because DNATs are considered before proxies, and static routes are considered after.

    Maybe the remote sender keeps trying to resend because you're rejecting the email.  Another thing you could try is blacklisting the sender address - that causes the Proxy to accept the message and blackhole it.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Thanks Bob,

    I will blackhole it !!! but i would also be intrested i knowing how to create a DNAT , mind posting the steps if its not a long one?
  • 0
    Assume your internal network is 10.20.30.1/24, you have nothing at 10.20.30.351 and the offending IP is 65.75.85.95.

    Traffic Source: {65.75.85.95} 
    Traffic Service: SMTP
    Traffic Destination: External (Address) {or whatever is the target of your MX record}

    NAT mode: DNAT (Destination)

    Destination: {10.20.30.351}  {it may work if this is left blank - I'd be interested to know if someone tries it blank}
    Destination Service: {leave empty when not changing}

    Automatic 
    packet filter rule: {unchecked!}



    Since there's no packet filter rule, the traffic is dropped.  Even if the traffic were allowed, the bits would still have no place to go.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA