You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Rajesh M <24...@24x7server.net> on 2009/09/13 06:44:34 UTC
rules question
hello all
I use qmail toaster with spamassassin -- latest version
i sometimes get spam with both the sender id and recipient id as the same.
Obviously such emails are originating outside my server.
I DO NOT wish to user SPF
what i need to do is as follows
1) get the source ip of the email in a variable.
2) make a rule which checks the domain part of the mailfrom and the ip
address.
3) If the domain is from my server and the ip address is not my server ip
then reject that email
How do i achieve this please ?
rajesh
Re: rules question
Posted by John Hardin <jh...@impsec.org>.
On Sun, 13 Sep 2009, Rajesh M wrote:
Please keep the discussion on-list.
> i use qmail toaster
I'm not familiar with qmail. If it implements the milter interface, then
using milter-regex as I suggested would be an option. Perhaps a qmail
admin will suggest something using qmail's native capabilities.
> and i do not wish to use spf
I understand that. May I ask why you do not?
> is there any solution
I will repeat my suggestion: have your MTA reject any mail with a From:
(envelope or header) claiming to be in your domain where the message does
not originate from your network. You do not need to implement SPF checks
or publish an SPF record to do this.
> rajesh
>
>> On Sun, 13 Sep 2009, Rajesh M wrote:
>>
>>> i sometimes get spam with both the sender id and recipient id as the
>>> same. Obviously such emails are originating outside my server.
>>>
>>> I DO NOT wish to user SPF
>>
>> Why not, if I may ask? Publishing an SPF record seems to cut down on how
>> much your domain is used in sender address forgery.
>>
>>> 3) If the domain is from my server and the ip address is not my server
>>> ip then reject that email
>>>
>>> How do i achieve this please ?
>>
>> It's best to do this sort of poison-pill blacklisting at SMTP time in the
>> MTA, if at all possible, and avoid the overhead SA introduces. What MTA
>> software do you use? Some can be configured to do this natively.
>>
>> I use milter-regex with Sendmail to reject any message that claims to be
>> from my domain but doesn't originate from my network. There are some other
>> high-value tests it performs as well.
>>
>> You can see my sample config at http://www.impsec.org/~jhardin/antispam/
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Democrats '61: Ask not what your country can do for you,
ask what you can do for your country.
Democrats '07: Ask not what your country can do for you,
demand it!
-----------------------------------------------------------------------
4 days until the 222nd anniversary of the signing of the U.S. Constitution
Re: rules question
Posted by John Hardin <jh...@impsec.org>.
On Sun, 13 Sep 2009, Rajesh M wrote:
> i sometimes get spam with both the sender id and recipient id as the
> same. Obviously such emails are originating outside my server.
>
> I DO NOT wish to user SPF
Why not, if I may ask? Publishing an SPF record seems to cut down on how
much your domain is used in sender address forgery.
> 3) If the domain is from my server and the ip address is not my server
> ip then reject that email
>
> How do i achieve this please ?
It's best to do this sort of poison-pill blacklisting at SMTP time in the
MTA, if at all possible, and avoid the overhead SA introduces. What MTA
software do you use? Some can be configured to do this natively.
I use milter-regex with Sendmail to reject any message that claims to be
from my domain but doesn't originate from my network. There are some other
high-value tests it performs as well.
You can see my sample config at http://www.impsec.org/~jhardin/antispam/
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
An operating system design that requires a system reboot in order to
install a document viewing utility does not earn my respect.
-----------------------------------------------------------------------
4 days until the 222nd anniversary of the signing of the U.S. Constitution