Hi,
we've received spam messages from a mail server on a foreign IP address that claims to be a mail server of our own domain (using our mail domain in EHLO). The messages themselves carry a faked sender address of our own domain. This raises two questions:
1) Why does the UTM accept mails from a mail server that pretends to belong to our domain when it doesn't in the first place? My understanding is that the UTM knows legitimate mail hosts of our domain from relay settings so it should be able to tell if a mail server tells the truth on this matter. Is that correct? Is there any way to change this behaviour?
2) If I add our own domain to the sender blacklist, do I have to add exceptions for our own hosts/networks (maybe "AntiSpam checking")?
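The check the post describes, together with the own-host exception raised in question 2, written out as an added example (not part of the original post and not the UTM's own logic). The domain `example.org`, the relay networks and the session records are constructed assumptions.

```python
import ipaddress

# Assumed values for illustration; replace with your own domain and relay networks.
OWN_DOMAIN = "example.org"
ALLOWED_RELAYS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "10.0.0.0/8")]

def in_domain(name, domain=OWN_DOMAIN):
    """True if name is the domain itself or a subdomain (label-boundary match)."""
    name = name.strip().rstrip(".").lower()
    return name == domain or name.endswith("." + domain)

def is_own_host(ip):
    """True if the connecting IP is inside one of the allowed relay networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_RELAYS)

def classify(session):
    """Return the reasons a session looks like own-domain spoofing (empty = none)."""
    if is_own_host(session["client_ip"]):
        return []  # exception for our own hosts/networks
    reasons = []
    if in_domain(session["ehlo"]):
        reasons.append("ehlo-claims-own-domain")
    # Envelope sender domain; an empty bounce sender "<>" simply never matches.
    if in_domain(session["mail_from"].rpartition("@")[2]):
        reasons.append("sender-claims-own-domain")
    return reasons

# Constructed sample sessions (documentation IP ranges, invented host names).
SESSIONS = [
    {"client_ip": "192.0.2.5", "ehlo": "mail.example.org", "mail_from": "alice@example.org"},
    {"client_ip": "203.0.113.77", "ehlo": "mail.example.org", "mail_from": "ceo@example.org"},
    {"client_ip": "198.51.100.9", "ehlo": "mx.partner.test", "mail_from": "bob@partner.test"},
    {"client_ip": "198.51.100.20", "ehlo": "notexample.org", "mail_from": "x@example.org.evil.test"},
]

def report(sessions=SESSIONS):
    """Pair each client IP with its list of spoofing reasons."""
    return [(s["client_ip"], classify(s)) for s in sessions]

if __name__ == "__main__":
    for ip, reasons in report():
        print(ip, "REJECT" if reasons else "accept", ",".join(reasons))
```

Legitimate senders that use the domain from outside the listed networks (hosted newsletter or ticketing services, for instance) would be flagged by the sender check, so they need their own entries in the allowed list.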