Blocking Spam From A Specific Ip


manzarek
06-21-2005, 07:05 PM
hi all,
i'm only a novice spam fighter, and am in a bit of a pickle. recently i've started to be barraged by spam from a single ip. whoever this is manages to make the emails appear to be from my domain (mail/support/etc@mydomain.com) and they are sent to other addresses at my domain (email/joe/paul/etc@mydomain.com). the messages all claim to be about support issues, account termination, things of this nature - and they all contain a clever attachment which looks like a zip file, but on closer inspection is clearly some sort of trojan. anyways, the emails are all quite varied, so it would be difficult to block them by filtering specific words. and blocking the domain would mean that i would be blocking myself from sending email to myself.
i can get this person's ip address from the internet header - all the messages are from the same ip. and i was wondering if anyone knew of any way to block messages from this ip from entering my mailbox. i looked through spamassassin and webmail spam options, but couldn't find anything. i tried entering this person's ip as a domain to block in spamassassin, but that didn't work.
any ideas would be greatly appreciated, thanks!
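
An added example, not part of the original posts and not the host's own tooling: when the From address is spoofed as your own domain, the only header you can rely on is the Received line stamped by your own mail server, so the sketch below reads the connecting IP from that line and checks it against a blocklist. The hostname `mx.example.com`, the documentation-range addresses, the sample message and the bracketed-IP header layout are all assumptions made for the example.

```python
import email
import ipaddress
import re

# Constructed sample: From is spoofed as the recipient's own domain; the lower
# Received line was supplied by the sender and cannot be trusted.
SAMPLE = """\
Received: from unknown (HELO example.com) ([203.0.113.45])
\tby mx.example.com with SMTP; Tue, 21 Jun 2005 16:01:12 -0700
Received: from mail.example.com ([198.51.100.7])
\tby relay.invalid with ESMTP; Tue, 21 Jun 2005 16:01:02 -0700
From: support@example.com
To: joe@example.com
Subject: Account termination notice

See attached.
"""

OUR_MX = "mx.example.com"                              # assumed hostname
BLOCKED = [ipaddress.ip_network("203.0.113.45/32")]    # constructed entry
BRACKETED_IP = re.compile(r"\[([0-9a-fA-F.:]+)\]")

def connecting_ip(raw, our_mx=OUR_MX):
    """Return the IP recorded by our own server, or None if none is found.

    Received headers are prepended, so the first one stamped 'by <our_mx>'
    is the only one written by a machine we control.
    """
    msg = email.message_from_string(raw)
    for hop in msg.get_all("Received", []):
        hop = " ".join(hop.split())                    # unfold continuation lines
        if re.search(r"\bby %s(?=[\s;]|$)" % re.escape(our_mx), hop):
            match = BRACKETED_IP.search(hop.split(" by ", 1)[0])
            if not match:
                return None
            try:
                return ipaddress.ip_address(match.group(1))
            except ValueError:                         # malformed address text
                return None
    return None

def is_blocked(raw, blocked=BLOCKED):
    """True when the IP our server saw falls inside a blocked network."""
    ip = connecting_ip(raw)
    return ip is not None and any(ip in net for net in blocked)
```

The same decision is more robust when enforced at SMTP connection time or at the firewall, as the reply below describes, because the server sees the peer address directly instead of parsing it back out of a header.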

Jeff
06-21-2005, 07:20 PM
We can do an IP address block at the firewall of the server, but since it is a manual process, we'd prefer to add these IPs in batches, rather than one or two at a time - unless there are dozens of spam messages coming from the same IP.

To request IP blocks, open a helpdesk ticket.

manzarek
06-21-2005, 07:54 PM
i said it before, and i'll say it again. you guys rock! that's what i call service. thanks!

ozee
06-22-2005, 10:38 AM
FYI, these are NOT spams, they are virus-generated traffic! Make sure your AV is up to date!!

manzarek
06-23-2005, 04:34 PM
the ip block, which according to my helpdesk ticket went into effect 2 days ago, seemed to be working great. but this morning i started getting the emails again, from the same ip. i'm not sure what happened.

i just downloaded the latest version of AVG anti-virus and did a full system scan, my system is free of viruses. i also keep a close eye on spyware and trojans with 'spybot search and destroy' and 'hijackthis'.

jeff, if you could take a look at my help desk ticket, i updated some of the info and am not sure if you've seen it yet.


thanks. peace.

Jeff
06-23-2005, 06:09 PM
Joe just responded to your ticket. Unfortunately, there's nothing else we can do beyond the IP block at the firewall.

ozee
06-24-2005, 09:22 AM
It's not your computer that's infected, but rather somebody that you probably know.

Just delete them!


And please, please, please do NOT use HijackThis without guidance from somebody who knows what they're doing with it. It's a great tool for fixing various computer problems. But unless you know what you're doing, it can also be your worst enemy and ~can~ make your computer into a very expensive paperweight. If you want somebody to look at a log for you, please let me know. (I do HJT analysis on a couple of websites...)