Spam from (forged) whitelist domain

Andy Alsup aalsup at USDLA.COM
Sun Dec 21 22:47:49 GMT 2003

Maybe I'm misunderstanding something, but I don't think IP based
whitelist will do what I need.

My users send mail from mostly the wild internet through various ISPs,
and only occasionally from the office DSL.  I would have to whitelist
the sending client IP to whitelist in this way, right?  Which means I
would have to whitelist the ranges of IPs they connect from?  This
covers a huge range of IPs.  ATT Dialup, Roadrunner Cable, Bellsouth DSL
etc.   Users are always authenticated to my server to send though.  (I
think, no SMTP ISP proxies that I know of...  AOL etc)

What I want to distinguish is spammers sending mail with a forged from
header, who are not authenticated to my server as real users, while
still protecting my own authenticated users from getting their mail
marked as possible spam.

Does the whitelist check look at the sending client IP, or the sending
server IP?  (Assuming that my users only send from my server, and only
authenticated users are allowed to send from there.)


Julian Field wrote:

> Exactly what I was about to suggest. You can use pretty much any of the
> standard/common ways of expressing IP ranges and network subnets.
> At 22:51 19/12/2003, you wrote:
>> Just a thought, and I'm not sure this is correct, but perhaps you can
>> whitelist your domain by IP instead of by name.
>> -Eric Rz.
>> On Fri, Dec 19, 2003 at 02:35:39PM -0800, Andy Alsup wrote:
>> > I see a nontrivial volume of Spam that gets through to users using
>> > forged headers with my domain as the from.  These are typically to:
>> > user at mydomain from: user at mydomain
>> >
>> > My domain is whitelisted, so when a forged header comes along, I get a
>> > spam score that would have dealt with the spam, but it is whitelisted,
>> > so delivered anyway.
>> >
>> > Is there a way to deal with this?
>> >
>> > Thanks.
> --
> Julian Field
> Professional Support Services at
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
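
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not MailScanner code or configuration: a small Python model comparing a whitelist keyed on sender domain, on client IP range, and on whether the SMTP session was authenticated. The `Msg` fields, the domain `mydomain.example`, the IP ranges, the scores and the threshold are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Msg:
    label: str
    client_ip: str       # IP of the SMTP client that connected to the server
    mail_from: str       # claimed sender address; anyone can forge this
    authenticated: bool  # assumption: the filter can see whether the session authenticated
    spam_score: float

OWN_DOMAIN = "mydomain.example"                     # constructed
OFFICE_NET = ipaddress.ip_network("192.0.2.0/28")   # constructed office DSL range
SPAM_THRESHOLD = 5.0                                # constructed

def by_domain(m):
    """Whitelist on the claimed sender domain (the setup that let forged mail through)."""
    return m.mail_from.lower().endswith("@" + OWN_DOMAIN)

def by_ip(m):
    """Whitelist on the connecting client's IP (the suggestion made in the thread)."""
    return ipaddress.ip_address(m.client_ip) in OFFICE_NET

def by_auth(m):
    """Whitelist only sessions that authenticated (what the poster asks for)."""
    return m.authenticated

def delivered_as_clean(m, whitelisted):
    # A whitelist hit bypasses the spam score entirely.
    return whitelisted(m) or m.spam_score < SPAM_THRESHOLD

# Constructed sample messages, all claiming the same local sender.
MESSAGES = [
    Msg("forged spam", "203.0.113.77", "user@mydomain.example", False, 12.4),
    Msg("roaming user", "198.51.100.23", "user@mydomain.example", True, 6.1),
    Msg("office user", "192.0.2.5", "user@mydomain.example", True, 6.1),
]

def evaluate(policy):
    """Map each sample message to whether it is delivered unmarked under the policy."""
    return {m.label: delivered_as_clean(m, policy) for m in MESSAGES}

if __name__ == "__main__":
    for name, policy in [("domain", by_domain), ("ip", by_ip), ("auth", by_auth)]:
        print(f"{name:6} {evaluate(policy)}")
```
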
