Rule for blocking own domain spam?

Thu Dec 18 15:33:37 GMT 2008

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Steven
Andrews
Sent: 18 December 2008 15:07
To: MailScanner discussion
Subject: RE: Rule for blocking own domain spam?

Assuming your ms box only handles inbound you could do an sa rule of
something like:

header	bad_inbound		From =~/domain\.com/i
score		bad_inbound		20

this is where domain.com is your domain.  Do yourself a favor and set
the score to be something like 0.1 to test the rule out first; don't
make it zero or it won't even trigger.

-----Original Message-----
From: mailscanner-bounces at lists.mailscanner.info
[mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Max
Kipness
Sent: Wednesday, December 17, 2008 5:02 PM
To: MailScanner discussion
Subject: Rule for blocking own domain spam?

Hi All,

I've been trying to figure out the best method for blocking spam that
appears to be sent from my own domain. Is this best done through a
MailScanner rule, and if so, how? Or can it be done in Sendmail?

We've been getting tons lately.

Thanks,
Max

-- 
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website! 
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!

-- 
Scanned by MailScanner.
------------------------------------------------------------------------
------

We are getting lots of junk with to email being the same as from email
(which is what you are getting I guess). MailScanner has caught every
single one of them and with very high scores as well.

Here is a typical one and its score.

score=35.056   
4 required   
 autolearn=spam   
3.50 BAYES_99 Bayesian spam probability is 99 to 100% 
2.04 HTML_IMAGE_ONLY_04 HTML: images with 0-400 bytes of words 
0.00 HTML_MESSAGE HTML included in message 
0.00 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image 
2.00 KAM_RBL Higher scores for hitting multiple trusted RBLs 
1.46 MIME_HTML_ONLY Message only has text/html MIME parts 
3.70 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 
3.00 RCVD_IN_JMF_BL Sender listed in JMF-BLACK 
0.91 RCVD_IN_PBL Received via a relay in Spamhaus PBL 
0.88 RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address 
3.03 RCVD_IN_XBL Received via a relay in Spamhaus XBL 
1.67 SARE_HTML_IMG_ONLY   
0.84 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) 
2.22 TVD_SPACE_RATIO   
1.86 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist 
1.96 URIBL_BLACK Contains an URL listed in the URIBL blacklist 
1.50 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist 
1.50 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist 
1.50 URIBL_SBL Contains an URL listed in the SBL blocklist 
1.50 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist