You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Paul Andrews <pa...@prospeed.net> on 2006/12/28 22:27:40 UTC
whitelisting "from" and not "return path" addresses
HI,
After whitelisting my own email address, it seems that spammers will frequently put my own email address in the "return path" but not in the "from". Is it possible for Spam Assassin to make a distinction between the two so that it will block such messages? Below is an example of such headers.
----------------------
Return-Path: <pa...@prospeed.net>
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mail.prospeed.net
X-Spam-Level:
X-Spam-Status: No, score=-75.6 required=4.7 tests=BAYES_80,EXTRA_MPART_TYPE,
FORGED_RCVD_HELO,FUZZY_OCR,HTML_90_100,HTML_IMAGE_ONLY_08,
HTML_MESSAGE,MIME_HTML_MOSTLY,RCVD_HELO_IP_MISMATCH,RCVD_IN_SORBS_WEB,
RCVD_IN_XBL,RCVD_NUMERIC_HELO,UNPARSEABLE_RELAY,USER_IN_WHITELIST
autolearn=no version=3.1.7
Received: from 82.79.197.4 (86-122-136-2.rdsnet.ro [86.122.136.2] (may be forged))
by mail.prospeed.net (8.13.6/8.13.6) with ESMTP id kBSKH6sn023009
for <pa...@prospeed.net>; Thu, 28 Dec 2006 15:17:07 -0500
Received: from fm-bank.com.s8b2.psmtp.com (port=6583 helo=upmydjbtqx)
by 82.79.197.4 with smtp
id 8fRjB-boT0U-56
for pandrews@prospeed.net; Thu, 28 Dec 2006 22:17:10 +0200
Message-ID: <00...@upmydjbtqx>
From: "Leonard West" <sc...@fm-bank.com>
To: pandrews@prospeed.net
Subject: wicked shall not; that he his wages be in sending a
Date: Thu, 28 Dec 2006 22:17:10 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="----=_NextPart_000_000C_01C72ACD.E74AF4E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2871
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2871
Thanks,
Paul
Re: whitelisting "from" and not "return path" addresses
Posted by JamesDR <ja...@trusswood.net>.
Paul Andrews wrote:
> HI,
> After whitelisting my own email address, it seems that spammers will
> frequently put my own email address in the "return path" but not in the
> "from". Is it possible for Spam Assassin to make a distinction between
> the two so that it will block such messages? Below is an example of
> such headers.
You'd not want to just whitelist your name, you'd want to tie it to
something, like if you auth'd (not sure how to do this), SPF
(whitelist_from_spf), or ip (whitelist_from_rcvd).
It is very easy for spammers to use your email as the 'sender'. Another
option is to (just shots in the dark) to override the whitelist (+100 or
so) when the mail is from you... to you. I'm not sure how one would do
this. But these are all ideas.
--
Thanks,
James