Spam with forged From=To ;local domain whitelisted

Julian Field jkf at ecs.soton.ac.uk
Tue May 21 16:12:41 IST 2002


At 15:51 21/05/2002, you wrote:
>I have been using mailscanner + sophos+spamassassin+vipul's_razor with great
>success for several months now. I have had to put my local domain, as well
>as the university domain in the spam whitelist to avoid false positives,
>given the amount of bulk mail that circulates locally. This has worked fine
>since all the spam comes from outside. However, a couple days ago we
>received some spam with forged from address equal to the recipient address,
>and that being from the local domain were not tagged as spam.
>
>Where in the pipeline can I control for this kind of scam?

Have you tried taking yourself out of the spam.whitelist.conf (which is
address-based) and adding your network to "Accept Spam From" in the
mailscanner.conf file (as this is IP-number-based)?

Personally I would advise pushing up the SpamAssassin required_hits value
to about 8 as well; I find 5 causes too many false positives.
--
Julian Field                Teaching Systems Manager
jkf at ecs.soton.ac.uk         Dept. of Electronics & Computer Science
Tel. 023 8059 2817          University of Southampton
                             Southampton SO17 1BJ
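
Added example, not part of the original message and not MailScanner code: a small Python model of the two whitelisting approaches discussed above, showing why a whitelist keyed on the claimed sender address lets a forged From=To message skip spam checks while one keyed on the connecting IP does not. The domain, networks, function names and sample messages are all constructed for illustration.

```python
import ipaddress
from email.utils import parseaddr

# Constructed policy values (assumptions, not taken from the thread).
WHITELISTED_DOMAINS = {"example.edu"}                      # address-based list
TRUSTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # IP-based list


def address_whitelisted(from_header):
    """Address-based check: trusts whatever sender the message claims."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    return domain in WHITELISTED_DOMAINS


def ip_whitelisted(client_ip):
    """IP-based check: trusts only the host that actually connected."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETWORKS)


def skip_spam_checks(msg, policy):
    """Return True if the message would bypass spam scoring under policy."""
    if policy == "address":
        return address_whitelisted(msg["from"])
    if policy == "ip":
        return ip_whitelisted(msg["client_ip"])
    raise ValueError("unknown policy: " + policy)


# Constructed sample messages: client_ip is the connecting SMTP peer.
MESSAGES = {
    "local_bulk": {"client_ip": "192.0.2.25",
                   "from": "Campus News <news@example.edu>",
                   "to": "alice@example.edu"},
    "forged_from_eq_to": {"client_ip": "203.0.113.77",
                          "from": "alice@example.edu",
                          "to": "alice@example.edu"},
    "ordinary_external": {"client_ip": "198.51.100.9",
                          "from": "offers@bulk.example.net",
                          "to": "alice@example.edu"},
}


def evaluate(policy):
    """Map each sample message to whether it skips spam checks."""
    return {name: skip_spam_checks(m, policy) for name, m in MESSAGES.items()}


if __name__ == "__main__":
    for policy in ("address", "ip"):
        print(policy, evaluate(policy))
```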


