Felix, Thanx for the input. I would actually agree that this seems like more of an MTA issue than anything else, but I'm not sure how to enforce tests against both TO & FROM address (at the same time - like a SA meta rule) within postfix...
Additionally, we are using SPF...however, I have been wondering whether or not it is actually doing its thing. Is there a way to debug this process? I have thrown amavis into debug-sa mode and watched some traffic go through - it appears that the SPF plugin is operating without error. Are there other ways to test/debug it? Here is a sample of what I have tried in SA: header __META_domain_TO To =~ /[EMAIL PROTECTED]/i header __META_domain_FROM From =~ /[EMAIL PROTECTED]/i followed by: meta domain_TOFROM __META_domain_TO && __META_domain_FROM And: score domain_TOFROM X.XX I have tried variations on this including forcing 'end' ($) evaluation, etc. but have had very mixed results when the rule fires (i.e. sometimes it will match exactly; other times it will match one or the other of the meta rules and sometimes will just not match anything but will still fire for some reason)... I've written many rules for SA and this one in particular is leaving me scratching my head...although, I have never really gotten into too many meta rules before... Any insight you can provide would be greatly appreciated... Thanx!! Dustin. -----Original Message----- From: Felix Schwarz [mailto:[EMAIL PROTECTED] Sent: Thursday, March 16, 2006 2:30 AM To: Dustin Humm Cc: amavis-user@lists.sourceforge.net Subject: Re: [AMaViS-user] Advanced Rule... Hi Dustin, Dustin Humm wrote: > We protect roughly 25 domains with postfix/amavis/spamassassin. All of > these domains need to be able to talk to one another. Although we are > using this system for incoming mail only, we, obviously, need to allow > communication between the domains that we protect. What we are running > into is a situation where spammers send an email destined for DOMAIN.COM > and use DOMAIN.COM as the (spoofed) sender address. This hits our > whitelist, etc. and is inevitably passed through the system... If I understood your problem correctly, the problem are spoofed senders. I think you should look into SPF and similar techniques and do not accept mail from your domains which do not come from one of your mail servers. This is imho more a MTA configuration thing. > As I said, I've tried to accomplish this using meta rules in SA, but > have not had any (good) luck... I think, a SA rule should work, too. Can you explain your problems with that in more detail please? (Although I think SPF is the better way to approach your problem.) -- Felix ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642 _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/