I need to do something VERY simple (i think) 98% of the mail making it through to my users is all received from a relay in asia: 18.104.22.168.
I want to tell spam assassin to kill all messages with
Received: from 22.214.171.124
before they are even delivered.
They are all virus mails.
I get mails from the zimbra admin user letting me know that every day, and its almost as annoying as spam:
could I get simple instructions?
From: "Content-filter at mail.domain.org" <firstname.lastname@example.org>
Subject: VIRUS (Worm.SomeFool.Gen-2) IN MAIL TO YOU (from <?@[126.96.36.199]>)
Our content checker found
in an email to you from unknown sender:
claiming to be: <email@example.com>
First upstream SMTP client IP address: [188.8.131.52]
According to the 'Received:' trace, the message originated at:
domain.org (unknown [184.108.40.206])
Our internal reference code for the message is 03331-05/zRH71qzb08K4.
The message has been quarantined as:
Please contact your system administrator for details.