Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: SpamAssassin: users

Neat way to give negative scores when the sender is expected for an email address...

  

 
SpamAssassin users RSS feed   Index | Next | Previous | View Threaded


spamassassin_steve at shic

Nov 13, 2008, 8:30 AM

Post #1 of 5 (532 views)
Permalink
Neat way to give negative scores when the sender is expected for an email address...
I'm contemplating a set-up where I have an email address of the form
"steve_XXXXX@..." where XXXXX changes depending upon to whom the email
address is issued. This means that I can issue "steve_acemeco@..." to
acme corporation - and would want to bias spam detection to assume that
emails to steve_acemeco@... are more likely to be kosher if they
originate from acme.com or acme.co.uk.

Obviously, I can do this in an ad-hoc way using custom rules on the To
field... but - I was wondering - is there a neater approach... given
that I will have a large number of email addresses and associated
"expected sender" domains.

Has anyone tackled this already?


matthias at leisi

Nov 13, 2008, 9:45 AM

Post #2 of 5 (505 views)
Permalink
Re: Neat way to give negative scores when the sender is expected for an email address... [In reply to]
Steve schrieb:

> Has anyone tackled this already?

Many mailservers support "plus addressing", where you use something like
"localpart+token [at] example". You can then use the "token" to do
whatever you like.

For some mailservers, the plus sign is configurable, IIRC.

-- Matthias


sjh at shic

Nov 13, 2008, 10:07 AM

Post #3 of 5 (497 views)
Permalink
Re: Neat way to give negative scores when the sender is expected for an email address... [In reply to]
Matthias Leisi wrote:
> Maybe you wanted to send this to the list, and not only to me? ;)
>
> Steve schrieb:
>
>> Matthias Leisi wrote:
>>
>>> Many mailservers support "plus addressing", where you use something like
>>> "localpart+token [at] example". You can then use the "token" to do
>>> whatever you like.
>>>
>>> For some mailservers, the plus sign is configurable, IIRC.
>>>
>>>
>> Ah, I wasn't clear. I'm clear how I can get as far as having the
>> token... what interests me is if there is a 'neat' way to associate the
>> token with the expected sender domain - then to assign some negative score.
>>
>
> 1) Tell the sender to use his own From: domain, ie
>
> From: joe [at] example
> To: sue+example.com [at] example
>
> 2) Tell the sender to use the current year:
>
> To: sue+2008 [at] example
>
> 3) Tell the sender to use a (global or individual) "password"
>
> To: sue+watermelon [at] example
>
> There are endless possbilities, but this discussion gets maybe OT for
> the sa user list.
>
Thanks, yes, I did intend this to go to the list...

I recognise that there are all these kinds of possibilities... I've a
'codeword' for each sender... and I'm interested to know if there are
any rules that make it easy to establish and configure the mapping
between 'codeword' and expected sender domain. I want to avoid
re-inventing the wheel if this has already been thought about.


jhardin at impsec

Nov 13, 2008, 10:23 AM

Post #4 of 5 (499 views)
Permalink
Re: Neat way to give negative scores when the sender is expected for an email address... [In reply to]
On Thu, 13 Nov 2008, Steve Haeck wrote:

> I recognise that there are all these kinds of possibilities... I've a
> 'codeword' for each sender... and I'm interested to know if there are
> any rules that make it easy to establish and configure the mapping
> between 'codeword' and expected sender domain. I want to avoid
> re-inventing the wheel if this has already been thought about.

whitelist_from_rcvd perhaps?

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
We should endeavour to teach our children to be gun-proof
rather than trying to design guns to be child-proof
-----------------------------------------------------------------------


jhardin at impsec

Nov 13, 2008, 10:25 AM

Post #5 of 5 (499 views)
Permalink
Re: Neat way to give negative scores when the sender is expected for an email address... [In reply to]
On Thu, 13 Nov 2008, John Hardin wrote:

> On Thu, 13 Nov 2008, Steve Haeck wrote:
>
>> I recognise that there are all these kinds of possibilities... I've a
>> 'codeword' for each sender... and I'm interested to know if there are
>> any rules that make it easy to establish and configure the mapping
>> between 'codeword' and expected sender domain. I want to avoid
>> re-inventing the wheel if this has already been thought about.
>
> whitelist_from_rcvd perhaps?

No, you're looking at the *recipient* address. Perhaps there needs to be a
whitelist_to_rcvd to compare a *recipient* wildcard to a sending MTA?

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin [at] impsec FALaholic #11174 pgpk -a jhardin [at] impsec
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
We should endeavour to teach our children to be gun-proof
rather than trying to design guns to be child-proof
-----------------------------------------------------------------------

SpamAssassin users RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.