Whitelisting a partner

Julian Field MailScanner at ecs.soton.ac.uk
Fri Mar 5 09:29:23 GMT 2010


Good question.

I am thinking about a SpamAssassin rule that would detect if their 
system forwarded it, by looking for a Received: header that was their MX 
server, which would tell you that the mail did not originate in their 
system. If that Received: header text is present, then add a spam score 
to it?

I'm not quite sure how to do the "stop the whitelist" bit.

Of course if you wrote a Custom Function that looked for this Received: 
header text, that Custom Function could be used instead of (or in 
addition to) the ruleset for "Is Definitely Not Spam" so it would return 
0 (i.e. no) if it found the Received: header.

You should see a header, where in this example their MX server is at 
mx.yourpartner.com that looks something like
Received: from blah blah blah by mx.yourpartner.com blah blah blah

Does that help get you started?

Jules.

On 04/03/2010 17:17, Michael Masse wrote:
> Is there any way MailScanner can detect if an incoming email is being 
> forwarded or not?
> We currently have to whitelist a specific partner's email system and 
> that's perfectly fine.   Email originating from their server gets 
> checked for viruses and filetype violations, but not spam which is 
> exactly what we want.   The problem we are experiencing is that some 
> of that partner's users have come on board with us and are now using 
> our email system for their account.   They have the other system 
> automatically forwarding email from their old account to the new.    
> Their old spam detection is less than par and doesn't catch much, so 
> any email sent to their old account gets forwarded to their new 
> account on our system.   Since we whitelist their system, any email 
> coming from their server gets whitelisted including email that's being 
> forwarded which could be coming from anywhere and or anyone.     My 
> preference is to tell them to stop forwarding mail and set up a bounce 
> reply with their current email address, but is there any way I can 
> have MailScanner detect if the other system is actually originating 
> the email or if it's forwarding, and if it's forwarding stop the 
> whitelist?
> -Mike

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list