You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Daniel A. de Araujo" <da...@itautec-philco.com.br> on 2004/10/22 19:08:44 UTC
White lists
Hi guys,
I am having some problems when the users access some pages that has the
"send this article to a friend" resource, because the message arrives with
the sender�s address that is filled in the page and not with a specific
account.
So its impossible to set the address as a white-listed.
Any ideas how to solve it ?
Txs,
Daniel.
Re: White lists
Posted by Matt Kettler <mk...@evi-inc.com>.
At 01:08 PM 10/22/2004, Daniel A. de Araujo wrote:
>I am having some problems when the users access some pages that has the
>"send this article to a friend" resource, because the message arrives with
>the sender´s address that is filled in the page and not with a specific
>account.
>So its impossible to set the address as a white-listed.
>
Are you sure? Look at the Return-Path header..
That much should always be the same, or at least the same domain. SA treats
Return-Path as an alternative to From:, among some other headers, and will
check all resulting addresses against whitelist_from and
whitelist_from_rcvd rules.
Re: White lists
Posted by Kris Deugau <kd...@vianet.ca>.
"Daniel A. de Araujo" wrote:
> I am having some problems when the users access some pages that has
> the "send this article to a friend" resource, because the message
> arrives with the sender´s address that is filled in the page and not
> with a specific account.
> So its impossible to set the address as a white-listed.
>
> Any ideas how to solve it ?
Write some custom rules to trigger on these messages- if they're legit,
they *will* have some consistent segments you can use. Assign negative
scores to those tests. (A test that checks your boundary server's
Received: header to see if the message came into your system from a
specific host is a good test; it's extremely difficult to forge. Not
impossible, but difficult. I've got a few of those IIRC.)
I don't recall any trouble with such sites myself recently; there were
occasional messages with (IIRC) SA2.3x or 2.4x that got caught like
this.
-kgd
--
Get your mouse off of there! You don't know where that email has been!