blacklisting local domain?

Julian Field MailScanner at ecs.soton.ac.uk
Tue Jan 13 19:15:32 GMT 2009



On 13/1/09 18:18, Alex Neuman van der Hans wrote:
> It is, but it's better to do at the MTA stage with SPF and mta rules 
> than it is to do it at mailscanner.
>
> Otherwise you'd have to do something like:
>
> From:    *@yourdomain.com    and        From:    1.2.3.4        no
> From:    *@yourdomain.com    and        From:    2.3.4.5        no
> From:    *@yourdomain.com    and        From:    127.0.0.1    no
> From:    *@yourdomain.com        yes
>
> in your spam.blacklists.rules file. I guess.
That won't work as it will check the envelope sender, he wanted to check 
the From: header.
Nice try though :-)

Jules.

>
>
> On Jan 13, 2009, at 12:58 PM, Michael Masse wrote:
>
>> Is there any way MailScanner can blacklist email that says it's from 
>> my domain, but comes from an IP outside of my ipspace?   We force all 
>> of our clients to use our specific smtp server.
>>
>> We've been getting hit very hard with these self addressed spams 
>> lately and MailScanner has been doing a fantastic job of tagging 
>> these as spam, but the problem is that even though our commercial 
>> email system accepts spamassassin header tags to put them in the 
>> appropriate junk folder automatically, it ignores the headers if it 
>> thinks the sender is oneself and then I get complaints about these 
>> spams getting through.
>>
>> The real solution is obviously for the commercial vendor to fix this 
>> problem and trust spamassassin all the time, but this has been going 
>> on for years and they aren't going to change it any time soon, so I'm 
>> stuck with getting rid of these messages at the SMTP/Mailscanner 
>> stage before they get passed on to the rest of the mail system.    
>> I've implemented mailfromd which allows me to automatically reject 
>> any email that uses our domain as a sending domain and doesn't come 
>> from within our ip space at the SMTP negotiation envelope level and 
>> this is blocking 99% of them, but there are a few that are still 
>> sneaking through because they use some other domain at the smtp "mail 
>> from:" envelope stage which allows them to bypass mailfromd, but then 
>> in the data portion of the email they use our domain in the  from: 
>> address in the header which then confuses our email system into 
>> ignoring the spamassassin header tag again.
>>
>> As I said, MailScanner/Spamassassin is properly tagging these emails 
>> as spam, but the tags get ignored by an oversight on our mail 
>> system.  We force all of our clients to use our own smtp server, so 
>> there should never be a case of an email with a sender address of our 
>> domain coming from outside of our domain.    Is it possible for 
>> MailScanner to blacklist these?
>>
>> -Mike
>>
>> -- 
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list