Felix,

Thanks for the input.  I would actually agree that this seems like more
of an MTA issue than anything else, but I'm not sure how to enforce
tests against both TO & FROM addresses (at the same time - like an SA meta
rule) within postfix...

Additionally, we are using SPF...however, I have been wondering whether
or not it is actually doing its thing.  Is there a way to debug this
process?  I have thrown amavis into debug-sa mode and watched some
traffic go through - it appears that the SPF plugin is operating without
error.  Are there other ways to test/debug it?

Here is a sample of what I have tried in SA:

header __META_domain_TO To =~ /[EMAIL PROTECTED]/i
header __META_domain_FROM From =~ /[EMAIL PROTECTED]/i

followed by:

meta domain_TOFROM __META_domain_TO && __META_domain_FROM

And:

score domain_TOFROM X.XX

I have tried variations on this including forcing 'end' ($) evaluation,
etc. but have had very mixed results when the rule fires (i.e. sometimes
it will match exactly; other times it will match one or the other of the
meta rules and sometimes will just not match anything but will still
fire for some reason)...

I've written many rules for SA and this one in particular is leaving me
scratching my head...although, I have never really gotten into too many
meta rules before...

Any insight you can provide would be greatly appreciated...

Thanks!!

Dustin.

-----Original Message-----
From: Felix Schwarz [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 16, 2006 2:30 AM
To: Dustin Humm
Cc: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] Advanced Rule...

Hi Dustin,

Dustin Humm wrote:
> We protect roughly 25 domains with postfix/amavis/spamassassin.  All of
> these domains need to be able to talk to one another. Although we are
> using this system for incoming mail only, we, obviously, need to allow
> communication between the domains that we protect.  What we are running
> into is a situation where spammers send an email destined for DOMAIN.COM
> and use DOMAIN.COM as the (spoofed) sender address.  This hits our
> whitelist, etc. and is inevitably passed through the system...

If I understood your problem correctly, the problem is spoofed
senders. I think you should look into SPF and similar techniques and
do not accept mail from your domains which does not come from one of
your mail servers. This is imho more an MTA configuration thing.

> As I said, I've tried to accomplish this using meta rules in SA, but
> have not had any (good) luck...

I think an SA rule should work, too. Can you explain your problems
with that in more detail please? (Although I think SPF is the better
way to approach your problem.)

-- 
Felix
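
The check discussed in this thread (sender and recipient both inside the protected domains, with SPF deciding whether the sender is genuine), as an added Python example that is not part of the original messages and is not SpamAssassin or amavis code. The domain list, the sample messages, and the presence of `Received-SPF` and `Return-Path` headers stamped by the receiving MTA are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumed protected domains (placeholders, not taken from the thread).
PROTECTED = {"example.com", "example.org"}

def addr_domains(msg, *headers):
    """Lowercase domains of the addresses (not display names) in the headers."""
    values = []
    for name in headers:
        values.extend(msg.get_all(name, []))
    return {addr.rsplit("@", 1)[1].lower()
            for _display, addr in getaddresses(values) if "@" in addr}

def spf_result(msg):
    """First token of Received-SPF ('pass', 'fail', ...), or 'none' if absent."""
    tokens = msg.get("Received-SPF", "").split()
    return tokens[0].lower() if tokens else "none"

def spoofed_internal(raw):
    """True when From and a recipient are protected but the sender is unproven."""
    msg = message_from_string(raw)
    from_dom = addr_domains(msg, "From")
    rcpt_dom = addr_domains(msg, "To", "Cc")
    if not (from_dom & PROTECTED and rcpt_dom & PROTECTED):
        return False
    # SPF validates the envelope sender, so a pass only vouches for the
    # From header when the envelope domain is a protected domain as well.
    env_dom = addr_domains(msg, "Return-Path")
    authenticated = spf_result(msg) == "pass" and bool(env_dom & PROTECTED)
    return not authenticated

def sample(envelope, spf, from_header):
    """Build a constructed message addressed to alice@example.com."""
    return (f"Return-Path: <{envelope}>\nReceived-SPF: {spf} (constructed)\n"
            f"From: {from_header}\nTo: alice@example.com\n\nbody\n")

# Constructed samples: spoofed own-domain sender, genuine cross-domain mail,
# and an outside sender whose display name merely mentions a protected domain.
SPOOFED = sample("bounce@mailer.invalid", "fail", '"Accounts" <billing@example.com>')
LEGIT = sample("bob@example.org", "pass", "bob@example.org")
LOOKALIKE = sample("news@vendor.invalid", "pass",
                   '"example.com support" <news@vendor.invalid>')

if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("legit", LEGIT), ("lookalike", LOOKALIKE)]:
        print(label, spoofed_internal(raw))
```

Parsing the address part of each header, rather than matching a pattern against the whole header line, keeps a display name or an unrelated recipient from satisfying the domain test.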




