I need to do something VERY simple (i think) 98% of the mail making it through to my users is all received from a relay in asia: 220.127.116.11.
I want to tell spam assassin to kill all messages with
Received: from 18.104.22.168
before they are even delivered.
They are all virus mails.
I get mails from the zimbra admin user letting me know that every day, and its almost as annoying as spam:
could I get simple instructions?
From: "Content-filter at mail.domain.org" <email@example.com>
Subject: VIRUS (Worm.SomeFool.Gen-2) IN MAIL TO YOU (from <?@[22.214.171.124]>)
Our content checker found
in an email to you from unknown sender:
claiming to be: <firstname.lastname@example.org>
First upstream SMTP client IP address: [126.96.36.199]
According to the 'Received:' trace, the message originated at:
domain.org (unknown [188.8.131.52])
Our internal reference code for the message is 03331-05/zRH71qzb08K4.
The message has been quarantined as:
Please contact your system administrator for details.