On May 16, 2005 04:20 pm, you wrote: > On Mon, May 16, 2005 at 03:52:34PM -0400, Alex at Avantel wrote: > > May 15 06:08:08 cascades sendmail[25935]: j4FA86lD025935: > > from=<www [ at ] mailer [ dot ] milenio [ dot ] com [ dot ] mx>, size=39237, class=0, nrcpts=0, > > bodytype=8BITMIME, proto=ESMTP, daemon=MTA, > > relay=dsl-201-137-82-106.prod-infinitum.com.mx > > [201.137.82.106] (may be forged) > > > > Anyone know why that last type gets through and what I have to do to > > sendmail to block that? > > You could also block 201.136.* and 201.137.*. According to 'whois' on > that IP in the block above, their netblock is 201.136.0.0/15, which > covers those two prefixes. Not really - that's just the ISP that provides them with service. I only have about 25 ip addresses that they use in that range plus about 100 more in other address blocks. They're not about to be blocked with an * Alex ==== -- This message has been scanned for viruses and dangerous content by Avantel Systems, and is believed to be clean.