Blocking spam based on from address

Michael Masse mrm at medicine.wisc.edu
Fri Feb 3 19:57:20 GMT 2006


I'm using the latest release of MS and SA with sendmail 8.13 as the MTA
set up as a relay to a Groupwise system. I'm having a big problem with
spam that bogusly claims to come from within my own domain either via
the envelope sender or header sender or both. SA flags most of these as
spam just fine, but the problem is that GW ignores the x-spam-status
flag if the sender claims to be within your own domain and does not
automatically move it to the junkmail folder. This is obviously a
Groupwise problem that many people have complained to Novell about and
they claim to be working on it, but that does no good for right now.

Since we are using MS as a relay there is never a case where mail
destined to a user within our domain will ever be from another user
within our domain because that all happens internally within Groupwise. 
  The only email that goes through MS that truthfully has a from address
of our domain is outgoing email.   Since MS calls sendmail, can MS tell
sendmail to drop all email claiming to come from our domain unless it
actually is, or is this something that I have to do at the MTA level?   
I really don't want to do reverse dns lookups for everything, because
the only emails I'm concerned about are the ones claiming to come from
within.     

I am already having sendmail block all bogus HELOs which claim to be
the same DNS name as the MS machine.   I know this isn't RFC compliant
but after a couple months of dropping a few thousand spams per day with
not a single complaint about it I'm pretty happy with it since I don't
have to waste CPU cycles on processing them.   I'd like to do something
similar with the bogus from address emails, but am not sure if this is a
MS or MTA issue.

As a last resort, is it possible to have MS change the from address if
the original from address is our domain and it gets flagged as spam?   
That would still cause the email to have to be processed completely, but
would at least bypass the stupid Groupwise issue of ignoring the
x-spam-status flag in the header because of a known domain name.

Mike
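
The policy described in the post (a message arriving from outside that claims the local domain in its envelope sender or From header is treated as forged), as an added example that is not part of the original post and is not MailScanner or sendmail code. The domain `example.org`, the internal network range and all function names are assumptions chosen for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import getaddresses, parseaddr

LOCAL_DOMAIN = "example.org"                           # assumption: the protected domain
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumption: hosts allowed to send as it

def domain_of(address):
    """Lower-cased domain of an address; '' for the null sender or malformed input."""
    addr = parseaddr(address or "")[1]
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def is_local(domain):
    # Match the domain and its subdomains, but not look-alikes such as notexample.org.
    return domain == LOCAL_DOMAIN or domain.endswith("." + LOCAL_DOMAIN)

def is_internal(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in INTERNAL_NETS)

def verdict(client_ip, envelope_from, raw_message):
    """Return (action, reason) for one message seen at the relay."""
    # Outgoing mail from internal hosts legitimately carries the local domain.
    if is_internal(client_ip):
        return ("accept", "internal relay")
    # Envelope sender (SMTP MAIL FROM) claiming the local domain from outside.
    if is_local(domain_of(envelope_from)):
        return ("reject", "envelope sender claims local domain")
    # Header From may differ from the envelope and may list several addresses.
    headers = message_from_string(raw_message).get_all("From", [])
    for _name, addr in getaddresses(headers):
        if is_local(domain_of(addr)):
            return ("reject", "header From claims local domain")
    return ("accept", "no local-domain claim")

if __name__ == "__main__":
    # Constructed sample: external client, foreign envelope, forged header From.
    sample = "From: Boss <ceo@EXAMPLE.ORG>\nSubject: invoice\n\nbody\n"
    print(verdict("203.0.113.5", "bulk@other.test", sample))
```

The check only holds under the post's premise that no legitimate external host ever sends as the local domain; mailing lists or hosted services that send on the domain's behalf would need their addresses added to the internal list.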