Hello,
We have blocked single ip addresses and also ip ranges (SMTP Network Blacklist). However we noticed that spam messages still getting through or being quarantined. Those Phishing messages are usually sent from the ip network clodoserver.ru or other Russian spam networks. It looks like they are abusing good sender domains for their phishing attacks.
How can we completely block ALL spam activity from 62.76.184.0/21? Why do spammer still bypass Sophos UTM Antispam, although the ip range 62.76.184.0/21 has been blocked? Blocking various IP's is working, however it is always being ignored for 62.76.184.0/21. I have attached the mail header.
I highly appreciate any help.
This thread was automatically locked due to age.