Posted to server-user@james.apache.org by sa...@twinix.com on 2008/10/04 20:14:30 UTC

Spam from Fake Local Users

See Thread at: http://www.techienuggets.com/Detail?tx=54938 Posted on behalf of a User

<mailet match="All" class="BayesianAnalysis" onMailetException="ignore">
    <repositoryPath>db://maildb</repositoryPath>
    <maxSize>200000</maxSize>
    <headerName>X-MessageIsSpamProbability</headerName>
    <ignoreLocalSender>true</ignoreLocalSender>
</mailet>

Ignores local senders from the Bayesian Analysis. This is fine but I notice that if a spammer uses a fake address:

Spammer@mydomain.com, where mydomain.com is my domain but Spammer is a fake address, James doesn't do any spam protection. How can I get James to distinguish mail from my users that has truly originated from my local users from people using my domain name to send spam to my users?




---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org


Re: Spam from Fake Local Users

Posted by David Legg <da...@searchevent.co.uk>.
Hi Sam,

> <ignoreLocalSender>true</ignoreLocalSender>
>
> Ignores local senders from the Bayesian Analysis. This is fine but I notice that if a spammer uses a fake address :
>
> Spammer@mydomain.com where mydomain.com is my domain but Spammer is a fake address James doesn't do any Spam protection. How can I get James to distinguish mail from my users that has truly originated from my local users from people using my domain name to send spam to my users

The answer is that the 'ignoreLocalSender' tag is useless for most 
situations because, as you rightly point out, it assumes a sender is 
local based on the email's 'From' address; and this is easily faked by a 
spammer.  I made this mistake a while ago because I accidentally left it 
set to true.  By default it is set to false and you should leave it that 
way.

I set up my spam processor to assume that anyone who has successfully 
authenticated must be a 'local' user and therefore any email being sent 
by this user should not be spam checked.  I do this by placing the 
following in my main root pipeline in the config.xml file just before 
the bit which does the spam processing: -

         <!-- Messages from authenticated senders are never spam -->
         <mailet match="SMTPAuthSuccessful" class="ToProcessor">
            <processor> transport </processor>
         </mailet>

There is the possibility that a 'local' user's machine gets compromised 
by a trojan and starts sending spam which will be let through by this 
technique but so far that hasn't been a problem.

Regards,
David Legg
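
Added example, not part of the original messages or of the James distribution: the two mailets from this thread placed in the order the reply describes, with ignoreLocalSender set to false. It uses only the elements quoted above; the repository path, size limit and header name are the values from the original question, and placement inside the root processor of config.xml follows the reply.

```xml
<!-- Inside the root processor in config.xml (placement as described in the reply). -->

<!-- 1. Trust is based on the SMTP session: a sender who authenticated
        successfully goes straight to the transport processor and never
        reaches the Bayesian filter below. -->
<mailet match="SMTPAuthSuccessful" class="ToProcessor">
    <processor> transport </processor>
</mailet>

<!-- 2. Everything else is analysed, including unauthenticated mail whose
        From address claims a local domain (Spammer@mydomain.com).
        ignoreLocalSender stays false so a forged local From address does
        not exempt a message from analysis. -->
<mailet match="All" class="BayesianAnalysis" onMailetException="ignore">
    <repositoryPath>db://maildb</repositoryPath>
    <maxSize>200000</maxSize>
    <headerName>X-MessageIsSpamProbability</headerName>
    <ignoreLocalSender>false</ignoreLocalSender>
</mailet>
```

Order matters here: the SMTPAuthSuccessful mailet has to come before BayesianAnalysis, otherwise authenticated mail is scored as well.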

