You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by sa...@twinix.com on 2008/10/04 20:14:30 UTC
Spam from Fake Local Users
See Thread at: http://www.techienuggets.com/Detail?tx=54938 Posted on behalf of a User
<mailet match="All" class="BayesianAnalysis" onMailetException="ignore">
<repositoryPath>db://maildb</repositoryPath>
<maxSize>200000</maxSize>
<headerName>X-MessageIsSpamProbability</headerName>
<ignoreLocalSender>true</ignoreLocalSender>
</mailet>
Ignores local senders from the Bayesian Analysis. This is fine but I notice that if a spammer uses a fake address :
Spammer@mydomain.com where mydomain.com is my domain but Spammer is a fake address James doesn't do any Spam protection. How can I get James to distinguish mail from my users that has truly originated from my local users from people using my domain name to send spam to my users?
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: Spam from Fake Local Users
Posted by David Legg <da...@searchevent.co.uk>.
Hi Sam,
> <ignoreLocalSender>true</ignoreLocalSender>
>
> Ignores local senders from the Bayesian Analysis. This is fine but I notice that if a spammer uses a fake address :
>
> Spammer@mydomain.com where mydomain.com is my domain but Spammer is a fake address James doesn't do any Spam protection. How can I get James to distinguish mail from my users that has truly originated from my local users from people using my domain name to send spam to my users
The answer is that the 'ignoreLocalSender' tag is useless for most
situations because, as you rightly point out, it assumes a sender is
local based on the email's 'From' address; and this is easily faked by a
spammer. I made this mistake a while ago because I accidently left it
set to true. By default it is set to false and you should leave it that
way.
I set up my spam processor to assume that anyone who has successfully
authenticated must be a 'local' user and therefore any email being sent
by this user should not be spam checked. I do this by placing the
following in my main root pipeline in the config.xml file just before
the bit which does the spam processing: -
<!-- Messages from authenticated senders are never spam -->
<mailet match="SMTPAuthSuccessful" class="ToProcessor">
<processor> transport </processor>
</mailet>
There is the possibility that a 'local' user's machine gets compromised
by a trojan and starts sending spam which will be let through by this
technique but so far that hasn't been a problem.
Regards,
David Legg
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org