Rules, and Envelope header forging

Julian Field MailScanner at ecs.soton.ac.uk
Thu May 18 20:58:56 IST 2006


Alex Laslavic (Lenox) wrote:
> The anti-phishing rules did catch it.
> ClamAV missed it.  
>
> Spamassassin would have caught it, except it is only invoked if the
> Envelope From contains "paypal".  
>
> Oh well.  I guess I'll just tell the exchange admins we need to run
> spamassassin on all messages.  
>   
You should indeed run SpamAssassin on everything. Spammers put anything 
they like (usually some poor innocent soul) in the envelope sender 
address. You can do it simplistically on a few rules. That's exactly the 
situation that SpamAssassin is there to solve.

There is no way to determine which messages should be run through 
SpamAssassin and which shouldn't, except in the situation where you are 
an ISP and have recipient customers who are/aren't paying for spam 
detection service. That's why you have SpamAssassin in the first place!

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
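
Added example, not part of the original post and not MailScanner or SpamAssassin code: it models the selective policy described in the thread (scan only when the envelope sender contains "paypal") and shows which constructed messages it lets through unscanned. The sample addresses and the `envelope_gate`, `audit` and `domain` names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed samples: (SMTP envelope sender, raw RFC 5322 message).
SAMPLES = [
    ("service@paypal.example",
     "From: PayPal <service@paypal.example>\nSubject: Receipt\n\nThanks."),
    ("someone@innocent.example",   # forged envelope sender, brand only in header
     "From: PayPal <security@paypal.example>\nSubject: Verify account\n\nLog in now."),
    ("bob@innocent.example",
     "From: Bob <bob@innocent.example>\nSubject: Lunch\n\nNoon?"),
]

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def envelope_gate(envelope_from, keyword="paypal"):
    """The selective policy from the thread: scan only if the envelope sender matches."""
    return keyword in envelope_from.lower()

def audit(samples, keyword="paypal"):
    """For each message, report whether the gate scans it and whether it slipped past."""
    report = []
    for envelope_from, raw in samples:
        header_from = parseaddr(message_from_string(raw)["From"])[1]
        scanned = envelope_gate(envelope_from, keyword)
        report.append({
            "envelope": envelope_from,
            "header_from": header_from,
            "scanned_by_gate": scanned,
            # Brand appears in the header the user sees, but the gate never fired.
            "missed": not scanned and keyword in header_from.lower(),
            # Envelope and header domains differ (also true for lists and forwarders).
            "sender_mismatch": domain(envelope_from) != domain(header_from),
        })
    return report

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```

A sender mismatch is only a hint, since mailing lists and forwarders produce it legitimately; the point of the audit is the `missed` column, which is empty only when every message is scanned.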

