Posted to users@spamassassin.apache.org by Paul Andrews <pa...@prospeed.net> on 2007/01/03 16:13:39 UTC

Re: whitelisting "from" and not "return path" addresses

Hi,
After whitelisting my own email address, it seems that spammers will frequently put my own email address in the "return path" but not in the "from". Is it possible for SpamAssassin to make a distinction between the two so that it will not match the "return address" to the whitelisted address? Below is an example of such headers:

----------------------

Return-Path: <pa...@prospeed.net>                      <------------- My address which is white listed
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on mail.prospeed.net
X-Spam-Level: 
X-Spam-Status: No, score=-75.6 required=4.7 tests=BAYES_80,EXTRA_MPART_TYPE,
 FORGED_RCVD_HELO,FUZZY_OCR,HTML_90_100,HTML_IMAGE_ONLY_08,
 HTML_MESSAGE,MIME_HTML_MOSTLY,RCVD_HELO_IP_MISMATCH,RCVD_IN_SORBS_WEB,
 RCVD_IN_XBL,RCVD_NUMERIC_HELO,UNPARSEABLE_RELAY,USER_IN_WHITELIST 
 autolearn=no version=3.1.7
Received: from 82.79.197.4 (86-122-136-2.rdsnet.ro [86.122.136.2] (may be forged))
 by mail.prospeed.net (8.13.6/8.13.6) with ESMTP id kBSKH6sn023009
 for <pa...@prospeed.net>; Thu, 28 Dec 2006 15:17:07 -0500
Received: from fm-bank.com.s8b2.psmtp.com (port=6583 helo=upmydjbtqx)
 by 82.79.197.4 with smtp
 id 8fRjB-boT0U-56
 for pandrews@prospeed.net; Thu, 28 Dec 2006 22:17:10 +0200
Message-ID: <00...@upmydjbtqx>
From: "Leonard West" <sc...@fm-bank.com>       <------------------ not my address, not in whitelist
To: pandrews@prospeed.net
Subject: wicked shall not; that he his wages be in sending a
Date: Thu, 28 Dec 2006 22:17:10 +0200
MIME-Version: 1.0
Content-Type: multipart/related;
 type="multipart/alternative";
 boundary="----=_NextPart_000_000C_01C72ACD.E74AF4E0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2871
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2871


Thanks,
Paul

Re: whitelisting "from" and not "return path" addresses

Posted by "John D. Hardin" <jh...@impsec.org>.
On Wed, 3 Jan 2007, Paul Andrews wrote:

> After whitelisting my own email address,

The canonical answer: Don't Do That. The headers are too easy to 
forge.

You should only use the authenticated whitelists (i.e.
whitelist_from_spf, whitelist_from_rcvd).

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Users mistake widespread adoption of Microsoft Office as the
  development of a standard document format.
-----------------------------------------------------------------------
 14 days until Benjamin Franklin's 301st Birthday
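
Added example, not part of either post and not SpamAssassin's own code: a simplified Python model of why an address-only whitelist fires on the message in the question while a check tied to the delivering relay (the idea behind whitelist_from_rcvd) does not. It assumes the plain whitelist considers both Return-Path and From, as the question describes; the function names and the example.net / example.com addresses are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from fnmatch import fnmatchcase

# Constructed sample modelled on the headers in the question; the
# example.net / example.com addresses are placeholders, not thread values.
RAW = """\
Return-Path: <paul@example.net>
Received: from 82.79.197.4 (86-122-136-2.rdsnet.ro [86.122.136.2] (may be forged))
 by mail.example.net with ESMTP id kBSKH6sn023009
 for <paul@example.net>; Thu, 28 Dec 2006 15:17:07 -0500
From: "Leonard West" <someone@example.com>
To: paul@example.net
Subject: constructed sample

body
"""
MSG = message_from_string(RAW)

def sender_addresses(msg):
    """Every address a header-only whitelist would look at (assumed set)."""
    values = [v for h in ("Return-Path", "From") for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def relay_rdns(msg):
    """Reverse-DNS name our own MTA wrote into the topmost Received header."""
    top = " ".join(msg.get_all("Received", [""])[0].split())  # unfold the header
    m = re.search(r"\((\S+) \[[0-9a-fA-F.:]+\]", top)
    return m.group(1).lower() if m else None

def plain_whitelist(msg, pattern):
    """Address-only match: any sender header the spammer controls can hit it."""
    return any(fnmatchcase(a, pattern.lower()) for a in sender_addresses(msg))

def rcvd_whitelist(msg, pattern, relay_domain):
    """Address match AND the delivering relay's rDNS must sit in relay_domain."""
    rdns = relay_rdns(msg) or ""
    d = relay_domain.lower()
    relay_ok = rdns == d or rdns.endswith("." + d)
    return relay_ok and plain_whitelist(msg, pattern)
```

Here plain_whitelist(MSG, "paul@example.net") is true because of the forged Return-Path alone, while rcvd_whitelist(MSG, "paul@example.net", "example.net") is false because the relay that handed the message over resolves under rdsnet.ro.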