Gossamer Forum

u know those emails claiming to be from the mail system admin...?

There is a form of virus infection attempt that uses what appears to be an admin email from the mail system team. The latest one that I have seen claimed that we were shutting down the mail system for two days and in order to continue to receive mail the user had to do some configuration stuff via an attached file. The file is probably a virus of course.

Is there some way to block all emails claiming to be from a domain that is being used by a Gmail install that are not actually registered users with the gmail installation?

bob


.:SEAWEAD:.
Re: [baidarkabob] u know those emails claiming to be from the mail system admin...?
If you've got 2.2.3, then for incoming mail that comes in through incoming.pl, you can use the incoming::validate hook. With that you could look at the From header of the message passed in and do a lookup of that address in the user database.

Of course, the proper solution to this would be to do SMTP level virus scanning. This would either remove the attachment, or reject the email.

Adrian
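The lookup Adrian describes, written out as an added Python illustration of the logic rather than Gossamer Mail's own Perl hook code: the local domain set, the registered-user set and the sample headers are constructed assumptions, and the hook's real calling convention is not shown.

```python
import email
from email.utils import parseaddr

# Constructed data standing in for the install's configuration and user table.
LOCAL_DOMAINS = {"example.com"}       # assumption: domains this install hosts
REGISTERED_USERS = {"bob", "alice"}   # assumption: local parts in the user DB


def validate_from(raw_message, local_domains=LOCAL_DOMAINS, users=REGISTERED_USERS):
    """Return (accept, reason) for one raw message.

    A From address that claims one of our own domains is accepted only if
    its local part is a registered user.  Foreign senders are passed through
    untouched: this check targets forged "local admin" mail, nothing else.
    """
    msg = email.message_from_string(raw_message)
    _display_name, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return False, "missing or malformed From address"
    local, _, domain = addr.rpartition("@")
    if domain.lower() not in local_domains:
        return True, "foreign domain, outside the local-user check"
    if local.lower() in users:
        return True, "registered local user"
    return False, f"claims {domain} but '{local}' is not a registered user"


# Constructed sample messages (headers plus a token body).
LEGIT = "From: Bob <bob@example.com>\nSubject: lunch\n\nhi\n"
FORGED_ADMIN = ("From: Mail System Team <postmaster@example.com>\n"
                "Subject: mail system shutdown, run attached config\n\n...\n")
FOREIGN_LOOKALIKE = ('From: "postmaster@example.com" <someone@evil.example>\n'
                     "Subject: mail system shutdown\n\n...\n")

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("forged", FORGED_ADMIN),
                      ("lookalike", FOREIGN_LOOKALIKE)]:
        print(name, validate_from(raw))
```

The third sample shows the limit of the check: a forged display name over a foreign address is accepted here, which is why Adrian's SMTP-level virus scanning is the layer that actually deals with the attachment.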
Re: [baidarkabob] u know those emails claiming to be from the mail system admin...?
Hi.

You are on a WHM/Cpanel VDS if my memory serves me right.
So, as Adrian suggested, with respect to the bogus mails you could do the following at SMTP level:

(1). Block All Messages presenting your interface address in HELO/EHLO
(2). Block All Messages presenting your localdomains in HELO/EHLO
(3). Activate the antivirus/dangerous content filter from WHM
(4). Install ClamAV and reject all infected messages. Quit the MailScanner route if you are using one, as cPanel has already stopped support for this. But be careful: since you are on a VDS (implying shared/limited resources), do not install the default installation from WHM, as it also scans file uploads.
(5). Block fake bounce messages by checking the recipient count, since bounce messages are not delivered to multiple recipients.

This is the minimum you could do.

HyTC