Spam with forged From=To ;local domain whitelisted
jkf at ecs.soton.ac.uk
Tue May 21 16:12:41 IST 2002
At 15:51 21/05/2002, you wrote:
>I have been using mailscanner + sophos+spamassassin+vipul's_razor with great
>success for several months now. I have had to put my local domain, and well
>as the university domain in the spam whitelist to avoid false positives,
>given the amount of bulk mail taht circulates locally. This has worked fine
>since all the spam comes from outside. However, a couple days ago we
>received some spam with forged from address equal to the recipient address,
>and that being from the local domain were not tagged as spam.
>Where in the pipeline can I control for this kind of scam?
Have you tried taking yourself out of the spam.whitelist.conf (which is
address-based) and adding your network to "Accept Spam From" in the
mailscanner.conf file (as this is IP-number-based).
Personally I would advise pushing up the SpamAssassin required_hits value
to about 8 as well, I find 5 causes too many false positives.
Julian Field Teaching Systems Manager
jkf at ecs.soton.ac.uk Dept. of Electronics & Computer Science
Tel. 023 8059 2817 University of Southampton
Southampton SO17 1BJ
More information about the MailScanner