Posted to users@spamassassin.apache.org by "Dan Mahoney, System Admin" <da...@prime.gushi.org> on 2004/09/15 22:05:41 UTC
Spammers Bypassing Whitelists
I'm seeing spammers bypass whitelists by appending a few characters to my
own username and using it as their own.
--
"This Is Not Goodbye!"
-DM, August 11th 2001, 10 PMish Chicago Time
--------Dan Mahoney--------
Techie, Sysadmin, WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144 AIM: LarpGM
Site: http://www.gushi.org
---------------------------
Re: Spammers Bypassing Whitelists
Posted by Evan Platt <ev...@espphotography.com>.
At 01:05 PM 9/15/2004, you wrote:
>I'm seeing spammers bypass whitelists by appending a few characters to my
>own username and using it as their own.
I'm confused. What address is whitelisted (from? to?) and who is receiving
the spam? Are they sending say other users on your system spam, and your
address is whitelisted? Something's not done correctly if this is the case.
Evan
Re: Spammers Bypassing Whitelists
Posted by Matt Kettler <mk...@evi-inc.com>.
At 04:05 PM 9/15/2004, Dan Mahoney, System Admin wrote:
>I'm seeing spammers bypass whitelists by appending a few characters to my
>own username and using it as their own.
Rule #1.. Never whitelist_from your own domain.. It doesn't work. Spammers
always forge From: addresses and frequently forge your own domain as the
sender.
whitelist_from contains absolutely no anti-forgery tactics. It's just a
pure, simple "whitelist everything with this From: address, regardless of
where it came from" type system, and is intended to be a last-ditch method
to get a particular sender past SA when nothing else will work.
This isn't something that's going to be fixed in whitelist_from, except to
the extent that it was already fixed in 2.40 by introducing
whitelist_from_rcvd as a semi-secure replacement.
If you must whitelist your domain, use whitelist_from_rcvd, which also
checks the Received: headers. Note you'll want to include two parameters
when doing this, the second of which should be a reverse-dns machine name
that will appear in mail you send, but not in mail coming from the outside.
i.e.: I could use:
    whitelist_from_rcvd mkettler@evi-inc.com tcp-6-249.evi-inc.com
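
Added example, not part of the original thread and not SpamAssassin's own code: a simplified Python model of the difference between whitelist_from and whitelist_from_rcvd described in the reply above, run over two constructed messages. The function names, the relay mx.example.net, the IP addresses and the Received: layout are assumptions made for illustration.

```python
import fnmatch
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: same From: address, different handing-over relay.
INTERNAL = (
    "Received: from tcp-6-249.evi-inc.com (tcp-6-249.evi-inc.com [192.0.2.10])\n"
    "\tby mx.example.net; Wed, 15 Sep 2004 16:00:00 -0400\n"
    "From: mkettler@evi-inc.com\nSubject: status\n\nbody\n"
)
FORGED = (
    "Received: from mail.evi-inc.com (host-7.example.org [203.0.113.7])\n"
    "\tby mx.example.net; Wed, 15 Sep 2004 16:01:00 -0400\n"
    "From: mkettler@evi-inc.com\nSubject: offer\n\nbody\n"
)

def from_addr(msg):
    return parseaddr(msg.get("From", ""))[1].lower()

def relay_rdns(msg):
    """Reverse-DNS name our own MX recorded in the topmost Received: header.
    Assumes the 'from HELO (rdns [ip])' layout of the samples; the HELO
    name is sender-supplied and is deliberately ignored."""
    m = re.search(r"from\s+\S+\s+\((\S+)\s+\[", msg.get("Received", ""))
    return m.group(1).lower() if m else None

def whitelist_from(msg, pattern):
    # Glob match on the From: address only; nothing ties it to the sender.
    return fnmatch.fnmatchcase(from_addr(msg), pattern.lower())

def whitelist_from_rcvd(msg, pattern, rdns_suffix):
    # From: must match AND the relay's rDNS must be, or end in, the suffix.
    rdns = relay_rdns(msg)
    if rdns is None or not whitelist_from(msg, pattern):
        return False
    suffix = rdns_suffix.lower()
    return rdns == suffix or rdns.endswith("." + suffix)

def evaluate(raw):
    msg = message_from_string(raw)
    addr, host = "mkettler@evi-inc.com", "tcp-6-249.evi-inc.com"
    return whitelist_from(msg, addr), whitelist_from_rcvd(msg, addr, host)

if __name__ == "__main__":
    for name, raw in (("internal", INTERNAL), ("forged", FORGED)):
        print(name, evaluate(raw))
```

Both messages pass the From:-only check; only the one handed over by the internal host passes the check that also looks at the relay's reverse DNS.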