Re: How is it possible?

[Dave Aronson <sfbasics2dave () davearonson com>]

"Monty Ree" <chulmin2 () hotmail com> wrote:

> But, some user(I don't know him) sends lots of spam mails through
> this smtp server so I  have filtered that IP addr. then after some
> minutes he send spam mails again using other IP address which  is not
> same network range. for example,
>
> He sends spams like this..
>
> 1.1.1.1 --> I filtered, then after 1-2 minutes later
> 2.2.2.2 -->  I filtered, then after 1-2 minutes later
> 3.3.3.3 -->  I filtered, then after 1-2 minutes later
> 4.4.4.4 -->  I filtered, then after 1-2 minutes later
> 5.5.5.5  ......
>
> Surely, all IPs are one ISP network but network range is not same...
>
> The spammer using proxy server?
>
> How is it possible? and how to solve against this attack?

Sounds to me like he's spoofing the origin IP address.  Exactly where are 
you finding the IP address he's sending from?  I'm guessing it's the 
HELO, or possibly the first Received line, both of which are trivially 
spoofed.

Is this spam going to your clients, or some other site for which you 
generally are responsible for routing the mail?  Or are you running an 
open relay?  If the latter, secure it and either he will stop, or at 
least it will minimize the damage to the net....