You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by us...@eurower.com on 2007/08/24 13:46:10 UTC

Combine whitelist_to and whitelist_from

Invoke method : UsedViaProcmail
Version : 3.1.9 (2007-02-13)
Platform : Linux Fedora 2.6.20-1.2925.fc6

Hello,
imagin a newsletters or order mail sent by an seller website with the 
from address : *@sellermail.com
I have in my mail system an address like sellermail.com@mydomain.com

With that, I can trace where my emails are sent in order to trace spam 
and site that sell my email.
So, only *@sellermail.com can send me mail on 
sellermail.com@mydomain.com (theorical)

The problem is that on a mailing list, the sellermail.com@mydomain.com 
is used by spamer and they send me spam on sellermail.com@mydomain.com.

Is it possible to combine whitelist_from and whitelist_to in order to 
tag "no spam" mails with 2 conditions :
whitelist_from *@sellermail.com AND whitelist_to 
sellermail.com@mydomain.com  OK

So, if a spammer i_am_spam@spam.com send me a mail on 
sellermail.com@mydomain.com, the second conditions will be OK but not 
the first and spamassassin will considere it as spam !

Thank you for your help ...

Yves

Re: Combine whitelist_to and whitelist_from

Posted by us...@eurower.com.

users-spamassassin@eurower.com a écrit :
> Matus UHLAR - fantomas a écrit :
>> On 24.08.07 13:46, users-spamassassin@eurower.com wrote:
>>  
>>> imagin a newsletters or order mail sent by an seller website with 
>>> the from address : *@sellermail.com
>>> I have in my mail system an address like sellermail.com@mydomain.com
>>>
>>> With that, I can trace where my emails are sent in order to trace 
>>> spam and site that sell my email.
>>> So, only *@sellermail.com can send me mail on 
>>> sellermail.com@mydomain.com (theorical)
>>>
>>> The problem is that on a mailing list, the 
>>> sellermail.com@mydomain.com is used by spamer and they send me spam 
>>> on sellermail.com@mydomain.com.
>>>
>>> Is it possible to combine whitelist_from and whitelist_to in order 
>>> to tag "no spam" mails with 2 conditions :
>>> whitelist_from *@sellermail.com AND whitelist_to 
>>> sellermail.com@mydomain.com  OK
>>>
>>> So, if a spammer i_am_spam@spam.com send me a mail on 
>>> sellermail.com@mydomain.com, the second conditions will be OK but 
>>> not the first and spamassassin will considere it as spam !
>>>     
>>
>> the from address can be as easily faked as the to address. I have 
>> seen on
>> this mailing list many reports from users whitelisting their own address
>> somehow and thus getting false positives.
>>
>> What you are searching for, is whitelist_from_rcvd which combined from
>> address with address of mailserver the mail was received from, or 
>> better,
>> whitelist_auth, if the outgoing domain supports SPF (sellermail.com does
>> not...)
>>
>> -- Matus UHLAR - fantomas,
>> uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to 
>> receive
>> e-mail advertising to this address. Varovanie: na tuto adresu chcem
>> NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT 
>> will
>> now restart for changes to take to take effect. [OK]
>>   
> Hummm, thanks,
>
> I saw that and try but severals website send for example :
>
> *@sellermail.com send a mail to me on sellermail.com@mydomain.com from 
> the provider.com or webhosted.com that are internet or server hosted 
> provider.
>
> The probleme in this case is that type of seller can change their sender
> server. Meanwhile, it won't change the from or or to address (rarely).
> So the from and to combinated are best that test on headers rcvd (for
> me) ....
>
> Yves
>
>
>

Re: Combine whitelist_to and whitelist_from

Posted by Matus UHLAR - fantomas <uh...@fantomas.sk>.

On 24.08.07 13:46, users-spamassassin@eurower.com wrote:
> imagin a newsletters or order mail sent by an seller website with the 
> from address : *@sellermail.com
> I have in my mail system an address like sellermail.com@mydomain.com
> 
> With that, I can trace where my emails are sent in order to trace spam 
> and site that sell my email.
> So, only *@sellermail.com can send me mail on 
> sellermail.com@mydomain.com (theorical)
> 
> The problem is that on a mailing list, the sellermail.com@mydomain.com 
> is used by spamer and they send me spam on sellermail.com@mydomain.com.
> 
> Is it possible to combine whitelist_from and whitelist_to in order to 
> tag "no spam" mails with 2 conditions :
> whitelist_from *@sellermail.com AND whitelist_to 
> sellermail.com@mydomain.com  OK
> 
> So, if a spammer i_am_spam@spam.com send me a mail on 
> sellermail.com@mydomain.com, the second conditions will be OK but not 
> the first and spamassassin will considere it as spam !

the from address can be as easily faked as the to address. I have seen on
this mailing list many reports from users whitelisting their own address
somehow and thus getting false positives.

What you are searching for, is whitelist_from_rcvd which combined from
address with address of mailserver the mail was received from, or better,
whitelist_auth, if the outgoing domain supports SPF (sellermail.com does
not...)

-- Matus UHLAR - fantomas,
uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive
e-mail advertising to this address. Varovanie: na tuto adresu chcem
NEDOSTAVAT akukolvek reklamnu postu. Your mouse has moved. Windows NT will
now restart for changes to take to take effect. [OK]