Posted to users@spamassassin.apache.org by Dean Clapper <dc...@universitycoop.com> on 2007/04/04 20:33:13 UTC

Whitelist Spam

A couple of emails are getting through that are being marked as not spam 
but are clearly spam.  The problem is the spammers put in the from line our 
domain.  However, the return path is something totally different.

Is there a good way to handle these messages that get through?

thanks
Dean

Re: Whitelist Spam

Posted by ram <ra...@netcore.co.in>.

On Wed, 2007-04-04 at 13:33 -0500, Dean Clapper wrote:
> A couple of emails are getting through that are being marked as not spam 
> but are clearly spam.  The problem is the spammers put in the from line our 
> domain.  However, the return path is something totally different.
> 
> Is there a good way to handle these messages that get through?



Never whitelist your own domain.
If you have problems with your own domain's mails getting marked as spam,
either:

1) Try routing your outgoing mails in such a way that internal mails
do not go through the scan

2) If mails from "universitycoop.com" must get scanned, ask all users to
send on an smtp-authed session, and your MTA will add headers which can
be used for whitelisting

3) Or simply use SPF records and whitelist_from_spf; you could even
reject mails that don't pass SPF, so that these mails are blocked right
at the gate

Thanks
Ram

Re: Whitelist Spam

Posted by "John D. Hardin" <jh...@impsec.org>.
On Wed, 4 Apr 2007, Dean Clapper wrote:

> A couple of emails are getting through that are being marked as
> not spam but are clearly spam.  The problem is the spammers put in
> the from line our domain.  However, the return path is something
> totally different.
> 
> Is there a good way to handle these messages that get through?

Are you by any chance using "whitelist_from"?

If so, stop using it. As you're seeing, that is trivially easy to
bypass through header forgery. Read the config documentation for
"whitelist_from_rcvd", it is much more robust.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Windows Genuine Advantage (WGA) means that now you use your 
  computer at the sufferance of Microsoft Corporation. They can
  kill it remotely without your consent at any time for any reason.
-----------------------------------------------------------------------
 9 days until Thomas Jefferson's 264th Birthday
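
Added example, not part of the thread and not SpamAssassin's own code: a simplified Python model of why a whitelist keyed on the From address alone matches the forged mail described in the original post, while a check that also requires the delivering relay's reverse DNS (the idea behind whitelist_from_rcvd) does not. The domain example.org, the sample messages and the X-Relay-Rdns header are constructed assumptions; the Received-header parsing SpamAssassin performs is not modelled.

```python
import email
from email.utils import parseaddr

OWN_DOMAIN = "example.org"          # assumption: stand-in for the site's own domain
TRUSTED_RELAY_RDNS = "example.org"  # assumption: rDNS suffix of the site's own relays

# Constructed sample messages. "X-Relay-Rdns" is a hypothetical header standing in
# for the reverse-DNS name of the host that connected to the site's trusted MX.
FORGED = """\
Return-Path: <bounce@bulk.invalid>
X-Relay-Rdns: host7.bulk.invalid
From: "Accounts" <accounts@example.org>
To: dean@example.org
Subject: Invoice

body
"""
GENUINE = """\
Return-Path: <alice@example.org>
X-Relay-Rdns: mail.example.org
From: Alice <alice@example.org>
To: dean@example.org
Subject: Lunch

body
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def assess(raw):
    """Compare an address-only whitelist decision with a relay-checked one."""
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    rdns = (msg["X-Relay-Rdns"] or "").lower()
    relay_ok = rdns == TRUSTED_RELAY_RDNS or rdns.endswith("." + TRUSTED_RELAY_RDNS)
    return {
        # Address match only: the sender fully controls this header.
        "header_only_match": from_dom == OWN_DOMAIN,
        # Address AND the relay's reverse DNS must both belong to the domain.
        "relay_checked_match": from_dom == OWN_DOMAIN and relay_ok,
        # The symptom from the original post: own-domain From, foreign return path.
        "from_vs_return_path_mismatch": from_dom == OWN_DOMAIN and env_dom != OWN_DOMAIN,
    }
```
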