How can a flag mail from specific mail relays as spam

Matt Kettler mkettler at EVI-INC.COM
Thu Oct 7 17:14:21 IST 2004


<x-flowed>
At 11:28 AM 10/7/2004, BB wrote:
>Recently had discussions about secondary mail server giving us the
>most spam.  Some of it still gets through sa filters.
>
>Would actually like to create our own secondary and setup as tarpit as
>no valid mail should be sent to them if primary is up.

That statement is a common misconception, but it is completely incorrect.
Legitimate mail does sometimes go to your secondary, even if the primary is up.

No legitimate mailler will try the secondary, unless it fails to connect to
the primary. This is true. However, failures can happen at any point in the
internet, not just your end.

Mind you that a sending network might have an outage. Their network might
be down when they try the primary, but may be back up when it tries the
secondary. This is perfectly ordinary, legitimate situation in which valid
email will go to your secondary, even if your primary is up.

It is true that more spam goes to the secondary, but it's simply not true
that no legitimate mail will go to the secondary if the primary stays up.


>Before doing the above, is there a way to flag mail coming from the
>secondary as spam ?

Yes, there's a way.. you can add a custom header rule for it that matches
on the Received: header generated by your secondary.

http://wiki.apache.org/spamassassin/WritingRules?action=highlight&value=rules

However, you might first wish to consider adding your secondary to your
trusted_networks on your SA primary if you use DNSBLs in SA. This will help
the DUL RBL's properly match mail sent to your secondary from a dialup,
which helps immensely.

>Doesn't blacklisting from only apply to the sender domain  and not the
>relays between ?

SA's blacklist_from, etc only applies to email addresses, not mailservers.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>



More information about the MailScanner mailing list