You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by NetComrade <ne...@yahoo.com> on 2007/07/31 19:54:47 UTC
Reject spam from my own domain
We have whitelisted our domain, but now we have spam coming from users that
claim they're in our domain.
What's the best way to fight it?
--
View this message in context: http://www.nabble.com/Reject-spam-from-my-own-domain-tf4194651.html#a11929292
Sent from the SpamAssassin - Users mailing list archive at Nabble.com.
Re: Reject spam from my own domain
Posted by Jim Maul <jm...@elih.org>.
NetComrade wrote:
> We have whitelisted our domain, but now we have spam coming from users that
> claim they're in our domain.
>
> What's the best way to fight it?
You REALLY dont want to whitelist your own domain. Your seeing why
right now. Use SPF? or perhaps a whitelist rule thats less prone to
forgery? Whitelist_from_spf or something similar?
-Jim
Re: Reject spam from my own domain
Posted by Bob Proulx <bo...@proulx.com>.
NetComrade wrote:
> We have whitelisted our domain, but now we have spam coming from users that
> claim they're in our domain.
>
> What's the best way to fight it?
The best way is to reject it at smtp time. It must be done at smtp
time because rejecting at any other time would cause you to be a
source of backscatter spam and you would not want that. If you can't
reject at smtp time then the best that you can do is to discard the
spam later which means that you can't whitelist your own domain and
will have to scan for it the same as any other suspect mail.
The best reference of which I am aware for rejecting at smtp time is
the one for Postfix. If you are using Postfix for your MTA then this
will slip right in. If you are using something else then I don't
know. This is what I am using and it works very well for me. YMMV.
http://www.postfix.org/BACKSCATTER_README.html
Bob
Re: Reject spam from my own domain
Posted by "John D. Hardin" <jh...@impsec.org>.
On Tue, 31 Jul 2007, NetComrade wrote:
> We have whitelisted our domain, but now we have spam coming from
> users that claim they're in our domain.
>
> What's the best way to fight it?
How exactly did you "whitelist your domain"? whitelist_from is a
last resort even though it's the most appealing. You really want to
use whitelist_from_rcvd or whitelist_from_spf.
Publish SPF records; that will help you out as well as everyone else.
If you can guarantee that mail addressed from your domain will only
ever originate at your mail server, you can put some mechanism in
place in the MTA to reject any message with your domain in the From
envelope address unless it originates in your local network. How you
do this depends on which MTA you use.
I can make suggestions for sendmail; another place to ask if you
deside to do this would be the mailing list specific to your MTA.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
A sword is never a killer, it is but a tool in the killer's hands.
-- Lucius Annaeus Seneca (Martial) 4BC-65AD
-----------------------------------------------------------------------
4 days until The 272nd anniversary of John Peter Zenger's acquittal