Print Page | Close Window

Filter recommendation

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6687
Printed Date: 05 February 2025 at 1:48am


Topic: Filter recommendation
Posted By: WebGuyz
Subject: Filter recommendation
Date Posted: 13 June 2009 at 1:23pm
 We use the authentication piece with SFE and it works well. But in cases where someone steals or guesses one of my customers passwords it play total havoc. The question I have is there any way to stop the FROM: address being anything  but the authenticated login address? In the case below, someone from Nigeria sent a few hundres thousands email emails thru us after authenticating with mailto:kselzer@murphystoregroup.com - kselzer@murphystoregroup.com email address. After realizing what was happening and changing her password I have since selected to block almost all foreign countries for this spamfilter that is used strictly for mail delivery for my customers.

It would be great if there was a filter that checked if the FROM: address in the outgoing email was the same as the authenticated login address, and if different, quarantine it. This would only apply if the authentication part was enabled.
 
Thanks for listening!

06/13/09 10:00:22:218 -- (3920) Connection from: 82.128.35.0  -  Originating country : Nigeria
06/13/09 10:00:25:609 -- (3920) User authenticated with AUTH LOGIN: mailto:kselzer@murphystoregroup.com - kselzer@murphystoregroup.com
06/13/09 10:00:26:890 -- (3920) Received MAIL FROM: <heartfoundation19@rocketmail.com>
06/13/09 10:00:27:531 -- (3920) Received RCPT TO: chris_abel001@yahoo.com
06/13/09 10:00:27:531 -- (3920) Bypassed all rules for: chris_abel001@yahoo.com from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN)
06/13/09 10:00:28:218 -- (3920) Received RCPT TO: danieljerry05@aol.com
06/13/09 10:00:28:218 -- (3920) Bypassed all rules for: danieljerry05@aol.com from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN)
06/13/09 10:00:28:859 -- (3920) Received RCPT TO: danieljerry05@gmail.com
06/13/09 10:00:28:859 -- (3920) Bypassed all rules for: danieljerry05@gmail.com from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN)
06/13/09 10:00:29:515 -- (3920) Received RCPT TO: dr.edward_k2001@live.co.uk
06/13/09 10:00:29:515 -- (3920) Bypassed all rules for: dr.edward_k2001@live.co.uk from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN)
06/13/09 10:00:30:187 -- (3920) Received RCPT TO: dr_edwardkerry@hotmail.com


-------------
http://www.webguyz.net


Print Page | Close Window