LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

    We use the authentication piece with SFE and it works well. But in cases where someone steals or guesses one of my customers passwords it play total havoc. The question I have is there any way to stop the FROM: address being anything  but the authenticated login address? In the case below, someone from Nigeria sent a few hundres thousands email emails thru us after authenticating with kselzer@murphystoregroup.com email address. After realizing what was happening and changing her password I have since selected to block almost all foreign countries for this spamfilter that is used strictly for mail delivery for my customers.

It would be great if there was a filter that checked if the FROM: address in the outgoing email was the same as the authenticated login address, and if different, quarantine it. This would only apply if the authentication part was enabled.

Thanks for listening!

06/13/09 10:00:22:218 -- (3920) Connection from: 82.128.35.0  -  Originating country : Nigeria
06/13/09 10:00:25:609 -- (3920) User authenticated with AUTH LOGIN: kselzer@murphystoregroup.com
06/13/09 10:00:26:890 -- (3920) Received MAIL FROM: <heartfoundation19@rocketmail.com>
06/13/09 10:00:27:531 -- (3920) Received RCPT TO: chris_abel001@yahoo.com
06/13/09 10:00:27:531 -- (3920) Bypassed all rules for: chris_abel001@yahoo.com from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN)
06/13/09 10:00:28:218 -- (3920) Received RCPT TO: danieljerry05@aol.com
06/13/09 10:00:28:218 -- (3920) Bypassed all rules for: danieljerry05@aol.com from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN)
06/13/09 10:00:28:859 -- (3920) Received RCPT TO: danieljerry05@gmail.com
06/13/09 10:00:28:859 -- (3920) Bypassed all rules for: danieljerry05@gmail.com from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN)
06/13/09 10:00:29:515 -- (3920) Received RCPT TO: dr.edward_k2001@live.co.uk
06/13/09 10:00:29:515 -- (3920) Bypassed all rules for: dr.edward_k2001@live.co.uk from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN)
06/13/09 10:00:30:187 -- (3920) Received RCPT TO: dr_edwardkerry@hotmail.com

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
WebGuyz Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 09 May 2005 Location: United States Status: Offline Points: 348	Post Options Post Reply Quote WebGuyz Report Post Thanks(0) Quote Reply Topic: Filter recommendation Posted: 13 June 2009 at 1:23pm
	We use the authentication piece with SFE and it works well. But in cases where someone steals or guesses one of my customers passwords it play total havoc. The question I have is there any way to stop the FROM: address being anything but the authenticated login address? In the case below, someone from Nigeria sent a few hundres thousands email emails thru us after authenticating with kselzer@murphystoregroup.com email address. After realizing what was happening and changing her password `I have since selected to block almost all foreign countries for this spamfilter that is used strictly for mail delivery for my customers.` It would be great if there was a filter that checked if the FROM: address in the outgoing email was the same as the authenticated login address, and if different, quarantine it. This would only apply if the authentication part was enabled. Thanks for listening! 06/13/09 10:00:22:218 -- (3920) Connection from: 82.128.35.0 - Originating country : Nigeria 06/13/09 10:00:25:609 -- (3920) User authenticated with AUTH LOGIN: kselzer@murphystoregroup.com 06/13/09 10:00:26:890 -- (3920) Received MAIL FROM: <heartfoundation19@rocketmail.com> 06/13/09 10:00:27:531 -- (3920) Received RCPT TO: chris_abel001@yahoo.com 06/13/09 10:00:27:531 -- (3920) Bypassed all rules for: chris_abel001@yahoo.com from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN) 06/13/09 10:00:28:218 -- (3920) Received RCPT TO: danieljerry05@aol.com 06/13/09 10:00:28:218 -- (3920) Bypassed all rules for: danieljerry05@aol.com from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN) 06/13/09 10:00:28:859 -- (3920) Received RCPT TO: danieljerry05@gmail.com 06/13/09 10:00:28:859 -- (3920) Bypassed all rules for: danieljerry05@gmail.com from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN) 06/13/09 10:00:29:515 -- (3920) Received RCPT TO: dr.edward_k2001@live.co.uk 06/13/09 10:00:29:515 -- (3920) Bypassed all rules for: dr.edward_k2001@live.co.uk from heartfoundation19@rocketmail.com ( User authenticated with AUTH LOGIN) 06/13/09 10:00:30:187 -- (3920) Received RCPT TO: dr_edwardkerry@hotmail.com
	http://www.webguyz.net

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Filter recommendation