Watermarking and spoofed sender address

Robert Lopez rlopezcnm at gmail.com
Wed Mar 20 17:35:04 GMT 2013


Martin,

We do not white list the cnm.edu domain. We do white list some departments
(example, The Marketing and Communications Office, The Office of the
President, etc.) because they sent such high volume of email it takes too
much time to inspect them all. They are white listed via
.../rules/spam.whitelist.rules and not in the white list postfix uses.

-Robert


On Wed, Mar 20, 2013 at 7:40 AM, Martin Hepworth <maxsec at gmail.com> wrote:

> the 'watermaking' is based on the ability of mailScanner to addin an extra
> header containing a (I think) hash of your Org-name salted with the
> predefined secret in your MailScanner.conf
>
> http://www.mailscanner.info/MailScanner.conf.index.html#Watermark%20Header
>
> Not any use for this case and it's purely for use in MailScanner code.
>
> I would check your whitelisting rules (definitely no spam etc) and make
> sure you're not whitelisting your own domain, this is a common mistake and
> lets alot of spam through that would normally be detected. If you need to
> whitelist your domain then use the ip-addresses of the internal email
> servers and not your domain.
>
>
> --
> Martin Hepworth, CISSP
> Oxford, UK
>
>
> On 19 March 2013 23:57, Robert Lopez <rlopezcnm at gmail.com> wrote:
>
>> I understand watermarking is to defend against "joe job blowback". I
>> think I understand that blowback problem is when email is sent, using for
>> example my address, to many other domains and all the flack (blow back)
>> comes back to me.
>>
>> I am wondering if this watermarking is of any use in a type of SPAM we
>> now frequently see. It is where email is sent to a list of addresses, all
>> at our domain, and the from address is also the first address in the
>> address list. Everyone else thinks the first person sent it. Our gateways
>> send such email to Exchange and any communication back to the sender is
>> entirely within Exchange and never comes back through the gateways again.
>>
>> In this kind of SPAM I have always considered it of no use. Am I wrong in
>> my thinking?
>>
>> --
>> Robert Lopez
>> Unix Systems Administrator
>> Central New Mexico Community College (CNM)
>> 525 Buena Vista SE
>> Albuquerque, New Mexico 87106
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>> Before posting, read http://wiki.mailscanner.info/posting
>>
>> Support MailScanner development - buy the book off the website!
>>
>>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
> Before posting, read http://wiki.mailscanner.info/posting
>
> Support MailScanner development - buy the book off the website!
>
>


-- 
Robert Lopez
Unix Systems Administrator
Central New Mexico Community College (CNM)
525 Buena Vista SE
Albuquerque, New Mexico 87106
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20130320/1efa00fb/attachment.html 


More information about the MailScanner mailing list