Whitelisting a partner
MailScanner at ecs.soton.ac.uk
Fri Mar 5 09:29:23 GMT 2010
I am thinking about a SpamAssassin rule that would detect if their
system forwarded it, by looking for a Received: header that was their MX
server, which would tell you that the mail did not originate in their
system. If that Received: header text is present, then add a spam score
I'm not quite sure how to do the "stop the whitelist" bit.
Of course if you wrote a Custom Function that looked for this Received:
header text, that Custom Function could be used instead of (or in
addition to) the ruleset for "Is Definitely Not Spam" so it would return
0 (i.e. no) if it found the Received: header.
You should see a header, where in this example their MX server is at
mx.yourpartner.com that looks something like
Received: from blah blah blah by mx.yourpartner.com blah blah blah
Does that help get you started?
On 04/03/2010 17:17, Michael Masse wrote:
> Is there any way MailScanner can detect if an incoming email is being
> forwarded or not?
> We currently have to whitelist a specific partner's email system and
> that's perfectly fine. Email originating from their server gets
> checked for viruses and filetype violations, but not spam which is
> exactly what we want. The problem we are experiencing is that some
> of that partner's users have come on board with us and are now using
> our email system for their account. They have the other system
> automatically forwarding email from their old account to the new.
> Their old spam detection is less than par and doesn't catch much, so
> any email sent to their old account gets forwarded to their new
> account on our system. Since we whitelist their system, any email
> coming from their server gets whitelisted including email that's being
> forwarded which could be coming from anywhere and or anyone. My
> preference is to tell them to stop forwarding mail and set up a bounce
> reply with their current email address, but is there any way I can
> have MailScanner detect if the other system is actually originating
> the email or if it's forwarding, and if it's forwarding stop the
Julian Field MEng CITP CEng
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Need help fixing or optimising your systems?
Need help getting you started solving new requirements from your boss?
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner