With SMTP Proxy enabled on the UTM220, most of our users are typically >98% spam free every month. It seems that since upgrading to 9.309-3, emails spoofed as being sent from our users to their own addresses, from IPs outside our address space, are being delivered, despite Missing RDNS, Greylisting and SPF Check being enabled.
Example:
F= R= Accepted: to postmaster
The sender IP address listed in Mail Manager and the User Portal clearly contains an invalid IP address (not our own MX IPs) and there is no FQDN or SPF records coinciding with these invalid IPs.
Our own DNS records contain SPF, DKIM and rDNS records, so it's unclear why the UTM is passing spoofed mail.
It should be noted that when spam email originates from a sender other than a (spoofed) verified recipient, these anti-spam features work as expected.
Any ideas?
Thanks,
- RB