
ilikeuce at bornefeld-ettmann
Oct 27, 2009, 6:20 PM
Post #3 of 9
(1311 views)
Re: How to reject spam where sender = receiver
John Hardin wrote:
> On Tue, 27 Oct 2009, rpc1 wrote:
>
>>
>> My spamassassin plug doesn't check mail where sender address and receiver
>> address are equal. Like this
>>
>> Return-Path: <op [at] domen>
>> X-Spam-Status: No, hits=0.0 required=3.2
>> tests=DNSBL_RELAYS.ORDB.ORG: 5.00,DNSBL_BL.SPAMCOP.NET:
>> 5.00,DNSBL_SBL-XBL.SPAMHAUS.ORG: 5.00,
>> BAYES_99: 4.07,HELO_DYNAMIC_IPADDR2: 3.818,HTML_IMAGE_ONLY_32:
>> 1.052,
>> HTML_MESSAGE: 0.001,MIME_HTML_ONLY: 0.001,NO_REAL_NAME: 0.961,
>> URIBL_AB_SURBL: 3.812,URIBL_JP_SURBL: 4.087,URIBL_OB_SURBL: 3.008,
>> URIBL_SBL: 1.639,URIBL_SC_SURBL: 4.498,URIBL_WS_SURBL: 2.14,
>> CUSTOM_RULE_FROM: ALLOW,TOTAL_SCORE: 44.087
>> X-Spam-Level:
>> Received: from 75-148-3-221-WashingtonDC.hfc.comcastbusiness.net
>> ([75.148.3.221])
>> by mail.tvtb.ru
>> for op [at] domen;
>> Sun, 25 Oct 2009 07:53:00 +1000
>> To: operzal [at] tvtb
>> Subject: A path leading to your well-being
>> From: <op [at] domen>
>> MIME-Version: 1.0
>> Importance: High
>> Content-Type: text/html
>>
>> How can I create a new rule which will check equity fields TO and
>> FROM ???
>
> I would suggest that is not really what you want to do, as you'll rarely
> see that on spam that isn't addressed to your domain. What you probably
> want to do is reject mail that is claiming to be from your domain, but
> does not actually originate from your domain - in other words, mail
> where someone is forging your domain name on the sender address.
>
> Is that a better description of what you want to do?
>
> That has been covered several times, I am pretty sure within the last
> month. Please check the list archives for the past two months for a
> thread having a subject like "to = from". You'll find a discussion of
> setting up an SPF record for your domain and using whitelist_from_auth
> to enforce it, and another discussion (involving me) of using
> milter-regex to reject such forged sender addresses at SMTP time. Both
> methods work well, I would modestly say milter-regex works better
> because it bypasses SA and is thus a lighter solution overall.
>
> <mutter>Maybe I should throw a rule like that into the sandbox and see
> how well it does...</mutter>
>

If you do not like SPF and you do not have remote users who are allowed
to send mail with local domain you can add a rule to header checks.

e.g. Postfix:

/etc/postfix/header_checks:
/^From:.*example\.com/ REJECT

Cheers
Ralph
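
Added example, not part of the original post or thread: a Python check that runs the posted header_checks pattern and a tighter variant over constructed From: headers, to show which non-local senders a loose pattern would also reject. The tighter pattern, the sample headers and the function names are assumptions for illustration, and Python's re module stands in for the Postfix regexp engine.

```python
import re
from email.utils import parseaddr

LOCAL_DOMAIN = "example.com"

# Pattern as posted in the thread.
LOOSE = r"^From:.*example\.com"
# Tighter variant (assumption, not from the thread): the domain must
# directly follow "@" and must end the address.
TIGHT = r"^From:.*@example\.com([> ]|$)"

# Constructed sample headers; none come from real mail.
SAMPLES = [
    "From: <op@example.com>",
    "From: OP <OP@EXAMPLE.COM>",
    "From: alice@notexample.com",
    'From: "Support example.com" <bob@other.org>',
    "From: Eve <eve@example.com.evil.test>",
    "From: carol@other.org",
]

def claims_local_domain(header):
    """Ground truth: does the parsed address use LOCAL_DOMAIN exactly?"""
    _, addr = parseaddr(header.split(":", 1)[1])
    return addr.rpartition("@")[2].lower() == LOCAL_DOMAIN

def evaluate(pattern):
    """Return (wrongly_rejected, wrongly_accepted) for one pattern."""
    # Postfix regexp/pcre tables match case-insensitively by default.
    rx = re.compile(pattern, re.IGNORECASE)
    wrongly_rejected, wrongly_accepted = [], []
    for header in SAMPLES:
        rejected = rx.search(header) is not None
        local = claims_local_domain(header)
        if rejected and not local:
            wrongly_rejected.append(header)
        elif local and not rejected:
            wrongly_accepted.append(header)
    return wrongly_rejected, wrongly_accepted

if __name__ == "__main__":
    for name, pattern in (("loose", LOOSE), ("tight", TIGHT)):
        bad_reject, bad_accept = evaluate(pattern)
        print(f"{name}: wrongly rejected={bad_reject} "
              f"wrongly accepted={bad_accept}")
```

Running candidate patterns through a harness like this before editing /etc/postfix/header_checks shows whether a lookalike domain or a display name that mentions the local domain would be rejected along with the forgeries.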