The point there sounds like the issue - IF you are whitelisting emails by address and NOT adding in a directional element, ie emails from marketing BUT only FROM the inside valid servers, then you'll open up holes for spam to get by<br>
<br>If you're scanning outbound emails then the best way in higher volumes is to use a separate server(s) with the same watermarking keys as the incoming scanner. Then you can start to use watermarking to help resolve the invalid bounce back issue, but also protect all users against spam.<br>
<br><br clear="all"><div>-- <br>Martin Hepworth, CISSP<br>Oxford, UK</div>
<br><br><div class="gmail_quote">On 20 March 2013 17:35, Robert Lopez <span dir="ltr"><<a href="mailto:rlopezcnm@gmail.com" target="_blank">rlopezcnm@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div><div>Martin,<br><br></div>We do not white list the <a href="http://cnm.edu" target="_blank">cnm.edu</a> domain. We do white list some departments (example, <span>The Marketing and Communications Office, The Office of the President, etc.) because they sent such high volume of email it takes too much time to inspect them all. They are white listed via .../rules/spam.whitelist.rules and not in the white list postfix uses.<span class="HOEnZb"><font color="#888888"><br>
<br></font></span></span></div><span class="HOEnZb"><font color="#888888"><span>-Robert<br></span></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Mar 20, 2013 at 7:40 AM, Martin Hepworth <span dir="ltr"><<a href="mailto:maxsec@gmail.com" target="_blank">maxsec@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">the 'watermaking' is based on the ability of mailScanner to addin an extra header containing a (I think) hash of your Org-name salted with the predefined secret in your MailScanner.conf<br>
<br><a href="http://www.mailscanner.info/MailScanner.conf.index.html#Watermark%20Header" target="_blank">http://www.mailscanner.info/MailScanner.conf.index.html#Watermark%20Header</a> <br>
<br>Not any use for this case and it's purely for use in MailScanner code.<br><br>I would check your whitelisting rules (definitely no spam etc) and make sure you're not whitelisting your own domain, this is a common mistake and lets alot of spam through that would normally be detected. If you need to whitelist your domain then use the ip-addresses of the internal email servers and not your domain.<br>
<br><br clear="all"><div>-- <br>Martin Hepworth, CISSP<br>Oxford, UK</div>
<br><br><div class="gmail_quote"><div><div>On 19 March 2013 23:57, Robert Lopez <span dir="ltr"><<a href="mailto:rlopezcnm@gmail.com" target="_blank">rlopezcnm@gmail.com</a>></span> wrote:<br></div></div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div>
<div dir="ltr"><div>I understand watermarking is to defend against "joe job blowback". I think I understand that blowback problem is when email is sent, using for example my address, to many other domains and all the flack (blow back) comes back to me.<br>
<br></div>I am wondering if this watermarking is of any use in a type of SPAM we now frequently see. It is where email is sent to a list of addresses, all at our domain, and the from address is also the first address in the address list. Everyone else thinks the first person sent it. Our gateways send such email to Exchange and any communication back to the sender is entirely within Exchange and never comes back through the gateways again. <br>
<br>In this kind of SPAM I have always considered it of no use. Am I wrong in my thinking?<span><font color="#888888"><br clear="all"><div><div><br>-- <br>Robert Lopez<br>Unix Systems Administrator<br>Central New Mexico Community College (CNM)<br>
525 Buena Vista SE<br>
Albuquerque, New Mexico 87106
</div></div></font></span></div>
<br></div></div><span><font color="#888888">--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></font></span></blockquote></div><br>
<br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info" target="_blank">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><br><br clear="all"><br>-- <br>Robert Lopez<br>Unix Systems Administrator<br>Central New Mexico Community College (CNM)<br>525 Buena Vista SE<br>Albuquerque, New Mexico 87106
</div>
</div></div><br>--<br>
MailScanner mailing list<br>
<a href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br>
<a href="http://lists.mailscanner.info/mailman/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/mailman/listinfo/mailscanner</a><br>
<br>
Before posting, read <a href="http://wiki.mailscanner.info/posting" target="_blank">http://wiki.mailscanner.info/posting</a><br>
<br>
Support MailScanner development - buy the book off the website!<br>
<br></blockquote></div><br>