how to block mail where From and To are the same?

Steve Campbell campbell at cnpapers.com
Fri Apr 27 21:17:15 IST 2007 

----- Original Message ----- 
From: "Steve Campbell" <campbell at cnpapers.com>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Friday, April 27, 2007 4:06 PM
Subject: Re: how to block mail where From and To are the same?


>
> ----- Original Message ----- 
> From: "Steve Freegard" <steve.freegard at fsl.com>
> To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
> Sent: Friday, April 27, 2007 3:41 PM
> Subject: Re: how to block mail where From and To are the same?
>
>
>> Hi Daniel,
>>
>> Daniel Maher wrote:
>>>> You could do this with a very simple Custom Function. It would just
>>>> check to see if
>>>> 1) There is only 1 recipient
>>>> 2) The recipient address @{$message->{from}}[0] eq the sender address
>>>> $message->{from}.
>>>>
>>>> Don't trust the syntax is 100% accurate, my Perl is a bit rusty due to
>>>> my hospital stay.
>>>>
>>>> Quite which configuration option you would attach this to is left as an
>>>> exercise for the reader :-)
>>>
>>> Thank you for the response!
>>>
>>> A wild guess at an appropriate config option would be "Use Custom Spam 
>>> Scanner".  My question is this: which comes first, SpamAssassin, or 
>>> Custom Spam Scanner, in the actual process?
>>>
>>> Also, does the reported "score" from Custom Spam Scanner get applied to 
>>> the SpamAssassin Score (i.e. for calculating spam actions)?  If not, how 
>>> is the reported Custom score used by MailScanner in determining an 
>>> action?
>>>
>>
>> Actually - if it were me, I'd put this into the 'Is Definitely Spam' 
>> option.  Then the custom function can return true for these messages and 
>> they'll simply be blacklisted.
>>
>> Much easier than trying to do it elsewhere.
>>
>> Kind regards,
>> Steve.
>> -- 
> Our system was being hit by this also for a while, but putting the IP in 
> whitelist rules instead of our domains seemed to catch most of this. Of 
> course, we didn't let roaming users (that said they were from our domains) 
> send to the servers, so this worked very well. If they needed the return 
> address to be from our domain, they were forced to use webmail, and that 
> IP was in whitelist rules, also. The occasional 'clean' spam would get 
> through, but nothing of the order we used to get.
>
> Steve

It's amazing how a sent message turns into gibberish after you hit the Send 
button.

What I meant to indicate was that after adding the IPs to the whitelist, the 
normal scans and virus checks would usually pick out the crap and throw it 
away on these duplicate from/to emails.

Steve

More information about the MailScanner mailing list