Re: [qmailtoaster] spam blocking questions
Rajesh, Look very closely at this line in your header.. Received-SPF: fail (ns1.xx.com: SPF record at xx.com *does not designate 208.115.35.224* as permitted sender) This ip is not supposed to be an authorized sender for x.com. Run that ip against the sites I listed. Look at other abusive mail and find these ips listed in your headers and do the same and see how many are foreign with a fraud profile and get busy establishing some lite firewalls to drop their entire CDIR or setup spamdyke to block certain country codes in the /etc/spamdyke/blacklist_keywords file. Of course if you are in the US you can just uncomment the line *reject-ip-in-cc-rdns* in the spamdyke.conf file. Now if i can just keep my domain from greylisting itself I should be good. TM Dave Eric Shubert wrote: Rajesh, I meant an actual spam, not one you create. This does no good. David's on the right track (where I was attempting to go with this). I'll let him carry forward on this. RM-24x7server.net wrote: hi Spam with the "mail to" and "mail from" as same email id Using a different email server, i email from raj...@xx.com (with different auth credentials) to raj...@xx.com (my mail server where xx.com is hosted) the email came thru with the following headers ### RFC822 Message body Return-Path: Delivered-To: raj...@xx.com Received: (qmail 12267 invoked by uid 89); 1 May 2009 02:15:10 - Received: by simscan 1.3.1 ppid: 12262, pid: 12264, t: 0.0694s scanners: attach: 1.3.1 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on ns1.xx.com X-Spam-Level: X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RDNS_NONE, STOX_REPLY_TYPE,TVD_SPACE_RATIO autolearn=disabled version=3.2.5 Received: from unknown (HELO ns1.y.com) (208.115.35.224) by ns1.xx.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 1 May 2009 02:15:10 - Received-SPF: fail (ns1.xx.com: SPF record at xx.com does not designate 208.115.35.224 as permitted sender) Received: (qmail 14831 invoked by uid 89); 1 May 2009 01:49:41 - Received: by simscan 1.3.1 ppid: 14752, pid: 14790, t: 1.4497s scanners: attach: 1.3.1 Received: from unknown (HELO inic1) (y...@y.com@59.184.138.203) by ns1.yy.com with ESMTPA; 1 May 2009 01:49:40 - Message-ID: <001e01c9ca03$40b50e90$1401a...@inic1> From: "xx.com" To: Subject: xx Date: Fri, 1 May 2009 07:49:20 +0530 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 corpmailserver ### Have you received this type of spam since installing spamdyke? If so, please post the headers from an example. Have you modified the spamdyke configuration that qtp-install-spamdyke installed? If not, you might try enabling reject-ip-in-cc-rdns if that's feasible for your use. See spamdyke documentation (http://spamdyke.org) for details. If so, please post your spamdyke configuration.
Re: [qmailtoaster] spam blocking questions
Rajesh, I meant an actual spam, not one you create. This does no good. David's on the right track (where I was attempting to go with this). I'll let him carry forward on this. RM-24x7server.net wrote: hi Spam with the "mail to" and "mail from" as same email id Using a different email server, i email from raj...@xx.com (with different auth credentials) to raj...@xx.com (my mail server where xx.com is hosted) the email came thru with the following headers ### RFC822 Message body Return-Path: Delivered-To: raj...@xx.com Received: (qmail 12267 invoked by uid 89); 1 May 2009 02:15:10 - Received: by simscan 1.3.1 ppid: 12262, pid: 12264, t: 0.0694s scanners: attach: 1.3.1 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on ns1.xx.com X-Spam-Level: X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RDNS_NONE, STOX_REPLY_TYPE,TVD_SPACE_RATIO autolearn=disabled version=3.2.5 Received: from unknown (HELO ns1.y.com) (208.115.35.224) by ns1.xx.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 1 May 2009 02:15:10 - Received-SPF: fail (ns1.xx.com: SPF record at xx.com does not designate 208.115.35.224 as permitted sender) Received: (qmail 14831 invoked by uid 89); 1 May 2009 01:49:41 - Received: by simscan 1.3.1 ppid: 14752, pid: 14790, t: 1.4497s scanners: attach: 1.3.1 Received: from unknown (HELO inic1) (y...@y.com@59.184.138.203) by ns1.yy.com with ESMTPA; 1 May 2009 01:49:40 - Message-ID: <001e01c9ca03$40b50e90$1401a...@inic1> From: "xx.com" To: Subject: xx Date: Fri, 1 May 2009 07:49:20 +0530 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 corpmailserver ### Have you received this type of spam since installing spamdyke? If so, please post the headers from an example. Have you modified the spamdyke configuration that qtp-install-spamdyke installed? If not, you might try enabling reject-ip-in-cc-rdns if that's feasible for your use. See spamdyke documentation (http://spamdyke.org) for details. If so, please post your spamdyke configuration. -- -Eric 'shubes' - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
I would take a closer look at the header and see where the orginating ip is coming from then run it against dns reports or ipcountryblocks.net to see what country it belongs to and check its fraud profile. Ill bet 99% that it is going to register on some level. If you find this to be the case then confirm against other related spam email to see if it is foreign and if so spamdyke has a configuration to specifically drop certain country codes or allow them. I am confirming this with Jake offlist. Here is where I found this info: http://wiki.qmailtoaster.com/index.php/Spamdyke TM Dave RM-24x7server.net wrote: hi Spam with the "mail to" and "mail from" as same email id Using a different email server, i email from raj...@xx.com (with different auth credentials) to raj...@xx.com (my mail server where xx.com is hosted) the email came thru with the following headers ### RFC822 Message body Return-Path: Delivered-To: raj...@xx.com Received: (qmail 12267 invoked by uid 89); 1 May 2009 02:15:10 - Received: by simscan 1.3.1 ppid: 12262, pid: 12264, t: 0.0694s scanners: attach: 1.3.1 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on ns1.xx.com X-Spam-Level: X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RDNS_NONE, STOX_REPLY_TYPE,TVD_SPACE_RATIO autolearn=disabled version=3.2.5 Received: from unknown (HELO ns1.y.com) (208.115.35.224) by ns1.xx.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 1 May 2009 02:15:10 - Received-SPF: fail (ns1.xx.com: SPF record at xx.com does not designate 208.115.35.224 as permitted sender) Received: (qmail 14831 invoked by uid 89); 1 May 2009 01:49:41 - Received: by simscan 1.3.1 ppid: 14752, pid: 14790, t: 1.4497s scanners: attach: 1.3.1 Received: from unknown (HELO inic1) (y...@y.com@59.184.138.203) by ns1.yy.com with ESMTPA; 1 May 2009 01:49:40 - Message-ID: <001e01c9ca03$40b50e90$1401a...@inic1> From: "xx.com" To: Subject: xx Date: Fri, 1 May 2009 07:49:20 +0530 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 corpmailserver ### Have you received this type of spam since installing spamdyke? If so, please post the headers from an example. Have you modified the spamdyke configuration that qtp-install-spamdyke installed? If not, you might try enabling reject-ip-in-cc-rdns if that's feasible for your use. See spamdyke documentation (http://spamdyke.org) for details. If so, please post your spamdyke configuration. 24x7ser...@24x7server.net wrote: hi i have QTP with spamdyke implemented and running on my server i read thru spamdyke configuration details but did not find anything specific that will actually block spam mail with the "from" and "to" address as the same but originating from a unknown server. Can you point me as to which specific configuration will actually track this and help me to block such mails? by the way i found a spamassassin plugin that blocks emails where the "mail from" different from the "reply to" which i am posting seperately incase it is useful for somebody -- this blocks tons of email list spam with minimal load on spamassassin. thanks rajesh Simply run the qtp-install-spamdyke script, and spamdyke will be installed for you. Be sure to update to the current QTP before doing so, as an older version of QTP might install an older version of spamdyke, or the older QTP might not contain the qtp-install-spamdyke script at all. See http://wiki.qmailtoaster.com/index.php/Spamdyke for more. There is absolutely no harm in updating QTP. It is benign in and of itself. It's only when you run some of the QTP tools that your QMT configuration might change. I hope that answers your question. 24x7ser...@24x7server.net wrote: hi we are indeed using qmailtoaster plus (QTP) but i would like to know which specific configuration of QTP is related to this ? thanks rajesh 24x7ser...@24x7server.net wrote: hi in spamassassin i generally whitelist specific domains whitelist_from_rcvd *...@friendlydomain.com friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com abc.friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com xyz.friendlydomain.com i know for sure that the emails from *...@friendlydomain.com and coming from different ip addressess - friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com are good email what i need to do is blacklist emails from *...@friendlydomain.com if they are NOT from friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com since i know for sure that emails from *...@friendlydomain.com will not originate from any other server. is there is method for this ?
Re: [qmailtoaster] spam blocking questions
hi Spam with the "mail to" and "mail from" as same email id Using a different email server, i email from raj...@xx.com (with different auth credentials) to raj...@xx.com (my mail server where xx.com is hosted) the email came thru with the following headers ### RFC822 Message body Return-Path: Delivered-To: raj...@xx.com Received: (qmail 12267 invoked by uid 89); 1 May 2009 02:15:10 - Received: by simscan 1.3.1 ppid: 12262, pid: 12264, t: 0.0694s scanners: attach: 1.3.1 spam: 3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on ns1.xx.com X-Spam-Level: X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RDNS_NONE, STOX_REPLY_TYPE,TVD_SPACE_RATIO autolearn=disabled version=3.2.5 Received: from unknown (HELO ns1.y.com) (208.115.35.224) by ns1.xx.com with (DHE-RSA-AES256-SHA encrypted) SMTP; 1 May 2009 02:15:10 - Received-SPF: fail (ns1.xx.com: SPF record at xx.com does not designate 208.115.35.224 as permitted sender) Received: (qmail 14831 invoked by uid 89); 1 May 2009 01:49:41 - Received: by simscan 1.3.1 ppid: 14752, pid: 14790, t: 1.4497s scanners: attach: 1.3.1 Received: from unknown (HELO inic1) (y...@y.com@59.184.138.203) by ns1.yy.com with ESMTPA; 1 May 2009 01:49:40 - Message-ID: <001e01c9ca03$40b50e90$1401a...@inic1> From: "xx.com" To: Subject: xx Date: Fri, 1 May 2009 07:49:20 +0530 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 corpmailserver ### > Have you received this type of spam since installing spamdyke? If so, > please post the headers from an example. > > Have you modified the spamdyke configuration that qtp-install-spamdyke > installed? > > If not, you might try enabling reject-ip-in-cc-rdns if that's feasible > for your use. See spamdyke documentation (http://spamdyke.org) for > details. > > If so, please post your spamdyke configuration. > > 24x7ser...@24x7server.net wrote: >> hi >> >> i have QTP with spamdyke implemented and running on my server >> >> i read thru spamdyke configuration details but did not find anything >> specific that will actually block spam mail with the "from" and "to" >> address as the same but originating from a unknown server. >> Can you point me as to which specific configuration will actually track >> this and help me to block such mails? >> >> >> by the way i found a spamassassin plugin that blocks emails where the >> "mail from" different from the "reply to" which i am posting seperately >> incase it is useful for somebody -- this blocks tons of email list spam >> with minimal load on spamassassin. >> >> >> thanks >> rajesh >> >> >> >> >> >>> Simply run the qtp-install-spamdyke script, and spamdyke will be >>> installed for you. Be sure to update to the current QTP before doing >>> so, >>> as an older version of QTP might install an older version of spamdyke, >>> or the older QTP might not contain the qtp-install-spamdyke script at >>> all. See http://wiki.qmailtoaster.com/index.php/Spamdyke for more. >>> >>> There is absolutely no harm in updating QTP. It is benign in and of >>> itself. It's only when you run some of the QTP tools that your QMT >>> configuration might change. >>> >>> I hope that answers your question. >>> >>> 24x7ser...@24x7server.net wrote: hi we are indeed using qmailtoaster plus (QTP) but i would like to know which specific configuration of QTP is related to this ? thanks rajesh > 24x7ser...@24x7server.net wrote: >> hi >> >> in spamassassin i generally whitelist specific domains >> >> whitelist_from_rcvd *...@friendlydomain.com friendlydomain.com >> whitelist_from_rcvd *...@friendlydomain.com abc.friendlydomain.com >> whitelist_from_rcvd *...@friendlydomain.com xyz.friendlydomain.com >> >> i know for sure that the emails from *...@friendlydomain.com and coming >> from >> different ip addressess - friendlydomain.com, abc.friendlydomain.com >> and >> xyz.friendlydomain.com are good email >> >> what i need to do is blacklist emails from *...@friendlydomain.com if >> they >> are NOT from friendlydomain.com, abc.friendlydomain.com and >> xyz.friendlydomain.com since i know for sure that emails from >> *...@friendlydomain.com will not originate from any other server. >> >> >> is there is method for this ? > As Jake explained, no. Spamassassin won't catch this type of spam. > > Use spamdyke. There is a script in qmailtoaster-plus > (http://qtp.qmailtoaster.com) that will install it for you. It will > lighten the load on your server as well. > >> rajesh >> >> >>> FWIW, I have a user who do
Re: [qmailtoaster] spam blocking questions
Have you received this type of spam since installing spamdyke? If so, please post the headers from an example. Have you modified the spamdyke configuration that qtp-install-spamdyke installed? If not, you might try enabling reject-ip-in-cc-rdns if that's feasible for your use. See spamdyke documentation (http://spamdyke.org) for details. If so, please post your spamdyke configuration. 24x7ser...@24x7server.net wrote: hi i have QTP with spamdyke implemented and running on my server i read thru spamdyke configuration details but did not find anything specific that will actually block spam mail with the "from" and "to" address as the same but originating from a unknown server. Can you point me as to which specific configuration will actually track this and help me to block such mails? by the way i found a spamassassin plugin that blocks emails where the "mail from" different from the "reply to" which i am posting seperately incase it is useful for somebody -- this blocks tons of email list spam with minimal load on spamassassin. thanks rajesh Simply run the qtp-install-spamdyke script, and spamdyke will be installed for you. Be sure to update to the current QTP before doing so, as an older version of QTP might install an older version of spamdyke, or the older QTP might not contain the qtp-install-spamdyke script at all. See http://wiki.qmailtoaster.com/index.php/Spamdyke for more. There is absolutely no harm in updating QTP. It is benign in and of itself. It's only when you run some of the QTP tools that your QMT configuration might change. I hope that answers your question. 24x7ser...@24x7server.net wrote: hi we are indeed using qmailtoaster plus (QTP) but i would like to know which specific configuration of QTP is related to this ? thanks rajesh 24x7ser...@24x7server.net wrote: hi in spamassassin i generally whitelist specific domains whitelist_from_rcvd *...@friendlydomain.com friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com abc.friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com xyz.friendlydomain.com i know for sure that the emails from *...@friendlydomain.com and coming from different ip addressess - friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com are good email what i need to do is blacklist emails from *...@friendlydomain.com if they are NOT from friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com since i know for sure that emails from *...@friendlydomain.com will not originate from any other server. is there is method for this ? As Jake explained, no. Spamassassin won't catch this type of spam. Use spamdyke. There is a script in qmailtoaster-plus (http://qtp.qmailtoaster.com) that will install it for you. It will lighten the load on your server as well. rajesh FWIW, I have a user who does this periodically to save various things, so for me it's not spam. Are you using spamdyke? I'd be surprised if spamdyke didn't catch the emails in question. -- -Eric 'shubes' -- -Eric 'shubes' -- -Eric 'shubes' - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
24x7ser...@24x7server.net wrote: hi i have QTP with spamdyke implemented and running on my server i read thru spamdyke configuration details but did not find anything specific that will actually block spam mail with the "from" and "to" address as the same but originating from a unknown server. Can you point me as to which specific configuration will actually track this and help me to block such mails? by the way i found a spamassassin plugin that blocks emails where the "mail from" different from the "reply to" which i am posting seperately incase it is useful for somebody -- this blocks tons of email list spam with minimal load on spamassassin. 9 times out of 10 those messages will be blocked by RBL or a reverse DNS check, which spamdyke will perform for you. Thanks for finding the spamassassin plugin. Now someone just needs to add it to the wiki. I couldn't use it for any of my clients however. They like to use different reply-to addresses. I even do the same myself when I have multiple domains on the same server. Thanks. - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
hi i have QTP with spamdyke implemented and running on my server i read thru spamdyke configuration details but did not find anything specific that will actually block spam mail with the "from" and "to" address as the same but originating from a unknown server. Can you point me as to which specific configuration will actually track this and help me to block such mails? by the way i found a spamassassin plugin that blocks emails where the "mail from" different from the "reply to" which i am posting seperately incase it is useful for somebody -- this blocks tons of email list spam with minimal load on spamassassin. thanks rajesh > Simply run the qtp-install-spamdyke script, and spamdyke will be > installed for you. Be sure to update to the current QTP before doing so, > as an older version of QTP might install an older version of spamdyke, > or the older QTP might not contain the qtp-install-spamdyke script at > all. See http://wiki.qmailtoaster.com/index.php/Spamdyke for more. > > There is absolutely no harm in updating QTP. It is benign in and of > itself. It's only when you run some of the QTP tools that your QMT > configuration might change. > > I hope that answers your question. > > 24x7ser...@24x7server.net wrote: >> hi >> >> we are indeed using qmailtoaster plus (QTP) >> >> but i would like to know which specific configuration of QTP is related >> to >> this ? >> >> thanks >> rajesh >> >> >> >> >>> 24x7ser...@24x7server.net wrote: hi in spamassassin i generally whitelist specific domains whitelist_from_rcvd *...@friendlydomain.com friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com abc.friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com xyz.friendlydomain.com i know for sure that the emails from *...@friendlydomain.com and coming from different ip addressess - friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com are good email what i need to do is blacklist emails from *...@friendlydomain.com if they are NOT from friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com since i know for sure that emails from *...@friendlydomain.com will not originate from any other server. is there is method for this ? >>> As Jake explained, no. Spamassassin won't catch this type of spam. >>> >>> Use spamdyke. There is a script in qmailtoaster-plus >>> (http://qtp.qmailtoaster.com) that will install it for you. It will >>> lighten the load on your server as well. >>> rajesh > FWIW, I have a user who does this periodically to save various > things, > so for me it's not spam. > > Are you using spamdyke? I'd be surprised if spamdyke didn't catch the > emails in question. > >>> -- >>> -Eric 'shubes' > > > -- > -Eric 'shubes' > > > - > Managed Qmailtoaster servers are now available >Visit http://qmailtoaster.com/QMTManaged.html to order yours today! > > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > > To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com > For additional commands, e-mail: testing-h...@qmailtoaster.com > > > - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
Simply run the qtp-install-spamdyke script, and spamdyke will be installed for you. Be sure to update to the current QTP before doing so, as an older version of QTP might install an older version of spamdyke, or the older QTP might not contain the qtp-install-spamdyke script at all. See http://wiki.qmailtoaster.com/index.php/Spamdyke for more. There is absolutely no harm in updating QTP. It is benign in and of itself. It's only when you run some of the QTP tools that your QMT configuration might change. I hope that answers your question. 24x7ser...@24x7server.net wrote: hi we are indeed using qmailtoaster plus (QTP) but i would like to know which specific configuration of QTP is related to this ? thanks rajesh 24x7ser...@24x7server.net wrote: hi in spamassassin i generally whitelist specific domains whitelist_from_rcvd *...@friendlydomain.com friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com abc.friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com xyz.friendlydomain.com i know for sure that the emails from *...@friendlydomain.com and coming from different ip addressess - friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com are good email what i need to do is blacklist emails from *...@friendlydomain.com if they are NOT from friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com since i know for sure that emails from *...@friendlydomain.com will not originate from any other server. is there is method for this ? As Jake explained, no. Spamassassin won't catch this type of spam. Use spamdyke. There is a script in qmailtoaster-plus (http://qtp.qmailtoaster.com) that will install it for you. It will lighten the load on your server as well. rajesh FWIW, I have a user who does this periodically to save various things, so for me it's not spam. Are you using spamdyke? I'd be surprised if spamdyke didn't catch the emails in question. -- -Eric 'shubes' -- -Eric 'shubes' - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
hi we are indeed using qmailtoaster plus (QTP) but i would like to know which specific configuration of QTP is related to this ? thanks rajesh > 24x7ser...@24x7server.net wrote: >> hi >> >> in spamassassin i generally whitelist specific domains >> >> whitelist_from_rcvd *...@friendlydomain.com friendlydomain.com >> whitelist_from_rcvd *...@friendlydomain.com abc.friendlydomain.com >> whitelist_from_rcvd *...@friendlydomain.com xyz.friendlydomain.com >> >> i know for sure that the emails from *...@friendlydomain.com and coming >> from >> different ip addressess - friendlydomain.com, abc.friendlydomain.com and >> xyz.friendlydomain.com are good email >> >> what i need to do is blacklist emails from *...@friendlydomain.com if they >> are NOT from friendlydomain.com, abc.friendlydomain.com and >> xyz.friendlydomain.com since i know for sure that emails from >> *...@friendlydomain.com will not originate from any other server. >> >> >> is there is method for this ? > > As Jake explained, no. Spamassassin won't catch this type of spam. > > Use spamdyke. There is a script in qmailtoaster-plus > (http://qtp.qmailtoaster.com) that will install it for you. It will > lighten the load on your server as well. > >> rajesh >> >> >>> FWIW, I have a user who does this periodically to save various things, >>> so for me it's not spam. >>> >>> Are you using spamdyke? I'd be surprised if spamdyke didn't catch the >>> emails in question. >>> > -- > -Eric 'shubes' > > > - > Managed Qmailtoaster servers are now available >Visit http://qmailtoaster.com/QMTManaged.html to order yours today! > > Qmailtoaster is sponsored by Vickers Consulting Group > (www.vickersconsulting.com) > > Please visit qmailtoaster.com for the latest news, updates, and > packages. > > > To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com > For additional commands, e-mail: testing-h...@qmailtoaster.com > > > - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
24x7ser...@24x7server.net wrote: hi in spamassassin i generally whitelist specific domains whitelist_from_rcvd *...@friendlydomain.com friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com abc.friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com xyz.friendlydomain.com i know for sure that the emails from *...@friendlydomain.com and coming from different ip addressess - friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com are good email what i need to do is blacklist emails from *...@friendlydomain.com if they are NOT from friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com since i know for sure that emails from *...@friendlydomain.com will not originate from any other server. is there is method for this ? As Jake explained, no. Spamassassin won't catch this type of spam. Use spamdyke. There is a script in qmailtoaster-plus (http://qtp.qmailtoaster.com) that will install it for you. It will lighten the load on your server as well. rajesh FWIW, I have a user who does this periodically to save various things, so for me it's not spam. Are you using spamdyke? I'd be surprised if spamdyke didn't catch the emails in question. -- -Eric 'shubes' - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
24x7ser...@24x7server.net wrote: hi in spamassassin i generally whitelist specific domains whitelist_from_rcvd *...@friendlydomain.com friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com abc.friendlydomain.com whitelist_from_rcvd *...@friendlydomain.com xyz.friendlydomain.com i know for sure that the emails from *...@friendlydomain.com and coming from different ip addressess - friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com are good email what i need to do is blacklist emails from *...@friendlydomain.com if they are NOT from friendlydomain.com, abc.friendlydomain.com and xyz.friendlydomain.com since i know for sure that emails from *...@friendlydomain.com will not originate from any other server. is there is method for this ? rajesh SPF if they set up the DNS records. If you know IP addresses, you can probably write a maildrop script to parse this or a very advanced Spamassassin rule, but I think it would be less resource intensive to handle it via maildrop. - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
hi
in spamassassin i generally whitelist specific domains
whitelist_from_rcvd *...@friendlydomain.com friendlydomain.com
whitelist_from_rcvd *...@friendlydomain.com abc.friendlydomain.com
whitelist_from_rcvd *...@friendlydomain.com xyz.friendlydomain.com
i know for sure that the emails from *...@friendlydomain.com and coming from
different ip addressess - friendlydomain.com, abc.friendlydomain.com and
xyz.friendlydomain.com are good email
what i need to do is blacklist emails from *...@friendlydomain.com if they
are NOT from friendlydomain.com, abc.friendlydomain.com and
xyz.friendlydomain.com since i know for sure that emails from
*...@friendlydomain.com will not originate from any other server.
is there is method for this ?
rajesh
> FWIW, I have a user who does this periodically to save various things,
> so for me it's not spam.
>
> Are you using spamdyke? I'd be surprised if spamdyke didn't catch the
> emails in question.
>
> 24x7ser...@24x7server.net wrote:
>> thanks for your reply
>>
>> spamassassin is such an advanced software i am sure there will be some
>> way
>> out to handle this.
>>
>> i hope somebody suggests a solution because such emails would be a
>> definite spam
>>
>> rajesh
>>
>>
>>> On Thursday 23 April 2009 12:58:17 24x7ser...@24x7server.net wrote:
1) I sometimes receive spam mail with both the "mail from" and the
"mail
to" as the same email id. I need a spamassassin rule to block such
emails
2) a spamassassin rule to compare the mail from and envelope sender
(reply-to) and if both don't match then allocate a particular score to
the
email.
>>> I have asked the same question in spamassassin mailing list, but it
>>> seems
>>> that
>>> spamassassin cannot do it.
>>>
>>> I have tried to harden my SPF to block it ("v=spf1 mx -all" instead of
>>> "v=spf1
>>> mx ~all" ) , but it create more problem.
>>>
>>> My suggestion is to train the spamassassin bayes to catch the spam.
>>>
>>> --
>>> Regards,
>>>
>>> Adi Nugroho - http://adi.internux.co.id/
>>> iNterNUX --- http://www.internux.net.id/
>>> Jalan Dr. Sam Ratulangi No. 53J Makassar
>>> Tel. +62-411-834690 Fax. +62-411-834691
>>> CDMA:+62-411-6109535 GSM:+62-816-27-9193
>>>
>>>
>
>
> --
> -Eric 'shubes'
>
>
> -
> Managed Qmailtoaster servers are now available
>Visit http://qmailtoaster.com/QMTManaged.html to order yours today!
>
> Qmailtoaster is sponsored by Vickers Consulting Group
> (www.vickersconsulting.com)
>
> Please visit qmailtoaster.com for the latest news, updates, and
> packages.
>
>
> To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: testing-h...@qmailtoaster.com
>
>
>
-
Managed Qmailtoaster servers are now available
Visit http://qmailtoaster.com/QMTManaged.html to order yours today!
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com
For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
24x7ser...@24x7server.net wrote: thanks for your reply spamassassin is such an advanced software i am sure there will be some way out to handle this. i hope somebody suggests a solution because such emails would be a definite spam rajesh On Thursday 23 April 2009 12:58:17 24x7ser...@24x7server.net wrote: 1) I sometimes receive spam mail with both the "mail from" and the "mail to" as the same email id. I need a spamassassin rule to block such emails 2) a spamassassin rule to compare the mail from and envelope sender (reply-to) and if both don't match then allocate a particular score to the email. This subject comes up on other mail server mailing lists almost weekly. Basically the bulk of them are blocked by blacklists (RBLs) or by performing reverse DNS checks. Spamassassin cannot catch them; I have many users (especially with Blackberry devices) who BCC their own messages to themselves for archiving purposes. I used to do this myself until I switched to IMAP exclusively. You *can* enable SURBL checks in Spamassassin which may score them enough to tag them as spam (and possibly delete them depending on your settings) but that's all Spamassassin can do. - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
FWIW, I have a user who does this periodically to save various things,
so for me it's not spam.
Are you using spamdyke? I'd be surprised if spamdyke didn't catch the
emails in question.
24x7ser...@24x7server.net wrote:
thanks for your reply
spamassassin is such an advanced software i am sure there will be some way
out to handle this.
i hope somebody suggests a solution because such emails would be a
definite spam
rajesh
On Thursday 23 April 2009 12:58:17 24x7ser...@24x7server.net wrote:
1) I sometimes receive spam mail with both the "mail from" and the "mail
to" as the same email id. I need a spamassassin rule to block such
emails
2) a spamassassin rule to compare the mail from and envelope sender
(reply-to) and if both don't match then allocate a particular score to
the
email.
I have asked the same question in spamassassin mailing list, but it seems
that
spamassassin cannot do it.
I have tried to harden my SPF to block it ("v=spf1 mx -all" instead of
"v=spf1
mx ~all" ) , but it create more problem.
My suggestion is to train the spamassassin bayes to catch the spam.
--
Regards,
Adi Nugroho - http://adi.internux.co.id/
iNterNUX --- http://www.internux.net.id/
Jalan Dr. Sam Ratulangi No. 53J Makassar
Tel. +62-411-834690 Fax. +62-411-834691
CDMA:+62-411-6109535 GSM:+62-816-27-9193
--
-Eric 'shubes'
-
Managed Qmailtoaster servers are now available
Visit http://qmailtoaster.com/QMTManaged.html to order yours today!
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com
For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
thanks for your reply
spamassassin is such an advanced software i am sure there will be some way
out to handle this.
i hope somebody suggests a solution because such emails would be a
definite spam
rajesh
> On Thursday 23 April 2009 12:58:17 24x7ser...@24x7server.net wrote:
>> 1) I sometimes receive spam mail with both the "mail from" and the "mail
>> to" as the same email id. I need a spamassassin rule to block such
>> emails
>>
>> 2) a spamassassin rule to compare the mail from and envelope sender
>> (reply-to) and if both don't match then allocate a particular score to
>> the
>> email.
>
> I have asked the same question in spamassassin mailing list, but it seems
> that
> spamassassin cannot do it.
>
> I have tried to harden my SPF to block it ("v=spf1 mx -all" instead of
> "v=spf1
> mx ~all" ) , but it create more problem.
>
> My suggestion is to train the spamassassin bayes to catch the spam.
>
> --
> Regards,
>
> Adi Nugroho - http://adi.internux.co.id/
> iNterNUX --- http://www.internux.net.id/
> Jalan Dr. Sam Ratulangi No. 53J Makassar
> Tel. +62-411-834690 Fax. +62-411-834691
> CDMA:+62-411-6109535 GSM:+62-816-27-9193
>
>
>
>
>
>
>
> -
> Managed Qmailtoaster servers are now available
>Visit http://qmailtoaster.com/QMTManaged.html to order yours today!
>
> Qmailtoaster is sponsored by Vickers Consulting Group
> (www.vickersconsulting.com)
>
> Please visit qmailtoaster.com for the latest news, updates, and
> packages.
>
>
> To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: testing-h...@qmailtoaster.com
>
>
>
-
Managed Qmailtoaster servers are now available
Visit http://qmailtoaster.com/QMTManaged.html to order yours today!
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com
For additional commands, e-mail: testing-h...@qmailtoaster.com
Re: [qmailtoaster] spam blocking questions
On Thursday 23 April 2009 12:58:17 24x7ser...@24x7server.net wrote:
> 1) I sometimes receive spam mail with both the "mail from" and the "mail
> to" as the same email id. I need a spamassassin rule to block such emails
>
> 2) a spamassassin rule to compare the mail from and envelope sender
> (reply-to) and if both don't match then allocate a particular score to the
> email.
I have asked the same question in spamassassin mailing list, but it seems that
spamassassin cannot do it.
I have tried to harden my SPF to block it ("v=spf1 mx -all" instead of "v=spf1
mx ~all" ) , but it create more problem.
My suggestion is to train the spamassassin bayes to catch the spam.
--
Regards,
Adi Nugroho - http://adi.internux.co.id/
iNterNUX --- http://www.internux.net.id/
Jalan Dr. Sam Ratulangi No. 53J Makassar
Tel. +62-411-834690 Fax. +62-411-834691
CDMA:+62-411-6109535 GSM:+62-816-27-9193
-
Managed Qmailtoaster servers are now available
Visit http://qmailtoaster.com/QMTManaged.html to order yours today!
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
Please visit qmailtoaster.com for the latest news, updates, and packages.
To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com
For additional commands, e-mail: testing-h...@qmailtoaster.com
[qmailtoaster] spam blocking questions
hi this is more related to spamassassin. 1) I sometimes receive spam mail with both the "mail from" and the "mail to" as the same email id. I need a spamassassin rule to block such emails if the same does not originate from my server. So basically i need to check if header "mail from" and "mail to" are the same and also whether the source of the email is my server ip if not then allocate a score to the email. 2) a spamassassin rule to compare the mail from and envelope sender (reply-to) and if both don't match then allocate a particular score to the email. thanks rajesh - Managed Qmailtoaster servers are now available Visit http://qmailtoaster.com/QMTManaged.html to order yours today! Qmailtoaster is sponsored by Vickers Consulting Group (www.vickersconsulting.com) Please visit qmailtoaster.com for the latest news, updates, and packages. To unsubscribe, e-mail: testing-unsubscr...@qmailtoaster.com For additional commands, e-mail: testing-h...@qmailtoaster.com
