| false email addresses |
|
webweaver6
|
Hi,
I have a client that is currently getting a lot of emails coming from fake email addresses at their own domain. support@ or register@ and they are the type that say their email account is closed. Is there a simple way to block any email addresses from the domain that are not real addresses, without listing each and every email? Thanks. |
||||||||||||
|
|
|||||||||||||
|
bobum
Elvis Fanatic
|
doubt it...
|
||||||||||||
|
|
|||||||||||||
|
jamie
HostMySite Sales Rep
|
I don't know of a program that does exactly what you're referring to, though it is a pretty good idea and theoretically should be possible. However, the addresses you're referring to are most likely virus-generated, and as such there are only a finite number that are possible. I see stuff from admin, administrator, support, sales, info, information, etc. fairly often.
The best way to get a list would be to figure out which virus is generating the messages and look up the Symantec write-up on the virus - that will often tell you all the possible names that the virus can come from. For example, the so-called Sober virus can be seen here: http://securityresponse.symantec.com/avcenter/venc/data/w32.sober.o@mm.html and according to that information the English version shows the sender as Service@[random domain], Webmaster@[random domain], Register@[random domain], Info@[random domain], Hostmaster@[random domain], Postmaster@[random domain], Admin@[random domain].
In this case I wouldn't advise blocking those because they could be legit email addresses, however if you have a similar problem with the virus faking your own domain you could set up a filter to reject anything from Service@[YOURDOMAIN], Webmaster@[YOURDOMAIN], Register@[YOURDOMAIN], Info@[YOURDOMAIN], Hostmaster@[YOURDOMAIN], Postmaster@[YOURDOMAIN], Admin@[YOURDOMAIN]. |
||||||||||||
|
|
|||||||||||||
| I have the same problem - Virus is W32.Mytob.EE@mm |
|
johnboy
|
I had the same problem on my account today and Norton email virus scan caught them.
This is a recently discovered virus and it evidently gets its emails by scanning html pages that contain email addresses. More info and specifics at Symantec's site. It is REALLY confusing getting virus-generated emails appearing as if they are official and coming from my own site! |
||||||||||||
|
|
|||||||||||||
| Why is SPF not working? |
|
mikek
|
I would think with an SPF record set up on an account that the spam filter would figure out these bs emails are not coming from an SPF-allowed IP.
But it looks like SmarterMail is ignoring the SPF check for all emails supposedly coming from my domain even after we set up an SPF. Is this a bug in SmarterMail? If the SPF record was checked for all incoming mail supposedly from my domain it would all quickly get tagged as spam. |
||||||||||||
|
|
|||||||||||||
|
mikek
|
Found out that SmarterMail is typically set not to check intradomain emails for spam. So spam with a spoofed name from your domain can make its way in.
You might be able to turn on intradomain spam checks and then whitelist all your domain's real emails. I found an alternate approach though:
1) Set up one rule looking for certain from email addresses and put in your domain's list of valid emails. Have it do nothing if it matches. (If you have a problem doing nothing, have it add a line to the header like "whitelisted address" or something - just so it does something.)
2) Add another rule BELOW the first rule that looks for your domain and tell it to junk, delete, whatever you want, all those emails.
The rules get run in order and stop as soon as they find a match. So once they hit the first rule with the acceptable addresses it will stop processing. If the emails don't match your whitelist, it keeps processing, and when you hit the rule that it's from your domain (but wasn't on the whitelist) it will nuke the message. |
||||||||||||
|
|
|||||||||||||
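The two ordered rules described in the last post, modelled as an added Python example (not code from the thread and not SmarterMail configuration). The domain example.com, the mailbox list and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

DOMAIN = "example.com"                                # assumed domain
VALID = {"jane@example.com", "sales@example.com"}     # assumed real mailboxes

def from_address(raw):
    """Lower-cased address from the From: header ('' if absent)."""
    _name, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr.strip().lower()

def rule_whitelist(addr):
    # Rule 1: a listed address matches and ends processing.
    return "keep" if addr in VALID else None

def rule_own_domain(addr):
    # Rule 2: anything else claiming to be from our domain is junked.
    return "junk" if addr.rpartition("@")[2] == DOMAIN else None

def classify(raw, rules=(rule_whitelist, rule_own_domain)):
    """Run rules in order and stop at the first one that matches."""
    addr = from_address(raw)
    for rule in rules:
        action = rule(addr)
        if action is not None:
            return action
    return "deliver"          # no rule matched: normal handling

# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "real": "From: Jane <jane@example.com>\nSubject: lunch\n\nhi\n",
    "fake": "From: Support <SUPPORT@Example.COM>\nSubject: account closed\n\n",
    "outside": "From: bob@other.test\nSubject: quote\n\nhello\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
    # Swapping the order junks real mailboxes too.
    print(classify(SAMPLES["real"], (rule_own_domain, rule_whitelist)))
```

Both rules read only the From: header, which the sender writes, so a message that forges one of the listed addresses still matches the first rule and is kept.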