Rules, and Envelope header forging
Julian Field
MailScanner at ecs.soton.ac.uk
Thu May 18 20:58:56 IST 2006
Alex Laslavic (Lenox) wrote:
> The anti-phising rules did catch it.
> ClamAV missed it.
>
> Spamassassin would have caught it, except it is only invoked if the
> Envelope From contains "paypal".
>
> Oh well. I guess I'll just tell the exchange admins we need to run
> spamassassin on all messages.
>
You should indeed run SpamAssassin on everything. Spammers put anything
they like (usually some poor innocent soul) in the envelope sender
address. You can do it simplistically on a few rules. That's exactly the
situation that SpamAssassin is there to solve.
There is no way to determine which messages should be run through
SpamAssassin and which shouldn't, except in the situation where you are
an ISP and have recipient customers who are/aren't paying for spam
detection service. That's why you have SpamAssassin in the first place!
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
More information about the MailScanner
mailing list