Posted to users@spamassassin.apache.org by Matt Kettler <mk...@verizon.net> on 2006/12/01 15:36:18 UTC
Re: forged spam emails from my own domain
vertito wrote:
> I am receiving spam emails coming from my own domain.com
> but that email address does not exist in my own domain.com.
>
> Say my domain is mydomain.com and that spam email had a FROM header that
> shows
>
> whome@mydomain.com
>
> which is currently whitelisted in the spamassassin global rules and
> currently does not exist in my users list.
> That is why I am receiving it in my INBOX and not in the SPAM folder.
>
> Does anyone have an idea or a script to move this to the SPAM folder?
> tnx

Side note: Do you really have to post in such a large font?

SpamAssassin whitelisting rules:

Rule 1. Do not *EVER* use whitelist_from for your domain... EVER. This is
a bad idea because it is easily forged. Even if your MTA rejects
forgeries, that only applies to the envelope, where SA's whitelisting
will match either the envelope or the From: address. Use
whitelist_from_rcvd instead. whitelist_from_rcvd allows you to dictate
matching part of a Received: header, and you can use this so that only
internal machines will match the whitelist; outside hosts won't.

Rule 2. Actually, don't EVER use whitelist_from for anything if you can
avoid it. whitelist_from_rcvd or whitelist_from_spf are always better to
use when possible.

And, as Craig suggested, configuring your MTA to reject forgeries of
your domain is a good idea. This will only solve those that forge the
envelope from, but this is a large chunk of forged spam and viruses.

Re: forged spam emails from my own domain
Posted by Craig Morrison <cr...@2cah.com>.
vertito wrote:
>
> config: SpamAssassin failed to parse line, "*@yahoo.com" is not valid
> for "whitelist_from_rcvd", skipping: whitelist_from_rcvd *@yahoo.com
>
> I tried your advice but I had an error line in my maillog, which is
> shown above.
> *@yahoo.com is just for a test.
whitelist_from_rcvd addr@lists.sourceforge.net sourceforge.net
Use this to supplement the whitelist_from addresses with a check
against the Received headers. The first parameter is the address to
whitelist, and the second is a string to match the relay’s rDNS.
--
Craig
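
An audit script applying the two whitelisting rules above and the two-parameter whitelist_from_rcvd syntax Craig quotes; this is an added example, not code from the thread or from the SpamAssassin project. The sample config, the severity labels and the name audit_whitelist are made up for illustration.

```python
import fnmatch

# Constructed sample local.cf; mydomain.com is the placeholder domain used in the thread.
SAMPLE_CF = """\
whitelist_from *@mydomain.com          # forgeable, covers own domain
whitelist_from newsletter@example.org
whitelist_from_rcvd *@yahoo.com        # missing the relay rDNS parameter
whitelist_from_rcvd *@mydomain.com mail.mydomain.com
whitelist_from_spf *@example.net
"""

def audit_whitelist(cf_text, own_domains):
    """Return (line_no, level, message) tuples for risky or malformed whitelist lines."""
    findings = []
    for no, raw in enumerate(cf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        directive, args = fields[0], fields[1:]
        if directive == "whitelist_from":
            for addr in args:                   # several addresses per line are allowed
                # Domain part of the address glob, e.g. "mydomain.com" or "*.com"
                dom_glob = addr.rsplit("@", 1)[-1].lower()
                own = any(fnmatch.fnmatchcase(d.lower(), dom_glob) for d in own_domains)
                if own:
                    findings.append((no, "HIGH",
                        f"{addr}: header-only match on own domain, easily forged"))
                else:
                    findings.append((no, "WARN",
                        f"{addr}: prefer whitelist_from_rcvd or whitelist_from_spf"))
        elif directive == "whitelist_from_rcvd" and len(args) != 2:
            findings.append((no, "ERROR",
                "whitelist_from_rcvd needs an address and a relay rDNS string"))
    return findings

if __name__ == "__main__":
    for no, level, msg in audit_whitelist(SAMPLE_CF, ["mydomain.com"]):
        print(f"line {no}: {level}: {msg}")
```
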
Re: forged spam emails from my own domain
Posted by vertito <ve...@aim-consultants.com>.
config: SpamAssassin failed to parse line, "*@yahoo.com" is not valid
for "whitelist_from_rcvd", skipping: whitelist_from_rcvd *@yahoo.com
I tried your advice but I had an error line in my maillog, which is
shown above.
*@yahoo.com is just for a test.
RE: forged spam emails from my own domain
Posted by vertito <ve...@aim-consultants.com>.
You wake me up from this one. Open community really is helpful, as it is obviously a compounded
form of wisdom and knowledge base in general and details.
Thanks again, Matt!