I have never really worked with Sendmail much and never on an AIX platform. We seem to be besieged with a series of SPAM mailings that hit several of our mail lists. The offending mail headers look like this:
Received: from 021401a.net (localhost [127.0.0.1]) by postmaster.myserver.org (AIX4.3/8.9.3/8.7) with SMTP id IAA26758 for <firstname.lastname@example.org>; Mon, 6 Sep 2004 08:01:22 -0400
Date: Mon, 06 Sep 2004 08:08:30 -0500
To: "Userseverywhere" <email@example.com>
From: "Everywhereuserseverywhere" <firstname.lastname@example.orgS>
Often there will be another SPAM but the Received: field will say 021401a.com. These appear to be bogus domains and I cannot resolve them, and I am not sure why it shows the localhost IP (127.0.0.1) -- but I have read posts where this is a spammer's ploy to avoid detection. I have no idea if there is a solution or how difficult it is to do this. I am not an AIX Sysadmin and the company is a not-for-profit, so buying a third party solution will not be an easy sell. The AIX server probably runs a business app besides being the Mail server, so I must avoid "Murphy's Law" at all cost! This company has several Open Source servers which are a constant source of problems. The new IT management has come to realize that Open Source does not mean "free"...they still need support. Anyway, there is a moratorium on implementing any further Open Source solutions. So basically, I am stuck with trying to find a way to edit the sendmail.cf file to block/reject and log these types of e-mails.
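In a sendmail Received line of the form "from NAME (HOST [IP])", NAME is the string the client sent in HELO, while HOST and IP are what the receiving server recorded for the connection, so [127.0.0.1] means a process on the server itself handed the message to sendmail. The following is an added example, not part of the original post, that flags such headers in saved messages; the first sample is the header quoted above, the remaining samples and all function names are constructed for illustration.

```python
import ipaddress
import re

# Sendmail-style trace field: from <helo> (<rdns> [<ip>]) by <host> ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)?\s*"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)"
)
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_received(value):
    """Return helo/rdns/ip/by for one Received value, or None if it does not match."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    return m.groupdict() if m else None

def classify(value):
    """Label one Received value: local-injection, helo-differs, ok or unparsed."""
    hop = parse_received(value)
    if hop is None:
        return "unparsed"
    try:
        ip = ipaddress.ip_address(hop["ip"])
    except ValueError:
        return "unparsed"
    helo = hop["helo"].lower().rstrip(".")
    by = hop["by"].lower().rstrip(".")
    # Connection came from the server itself but announced a foreign name:
    # look for a local submitter (web form, list software, script, shell user).
    if ip.is_loopback and helo not in LOCAL_NAMES and helo != by:
        return "local-injection"
    rdns = (hop["rdns"] or "").lower().rstrip(".")
    # Weak signal only: many legitimate hosts HELO with a different name.
    if rdns and rdns != helo:
        return "helo-differs"
    return "ok"

SAMPLES = [
    # Header quoted in the post above
    "from 021401a.net (localhost [127.0.0.1]) by postmaster.myserver.org "
    "(AIX4.3/8.9.3/8.7) with SMTP id IAA26758",
    # Constructed samples
    "from mail.example.net (mail.example.net [192.0.2.10]) by postmaster.myserver.org",
    "from localhost (localhost [127.0.0.1]) by postmaster.myserver.org",
    "from foo.example (bar.example [198.51.100.7]) by postmaster.myserver.org",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):16} {line[:60]}")
```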