Re: [SAtalk] Re: Having trouble coding a local rule
At 10:44 29/12/2003 +1000, Peter Kiem wrote:

>> Just a guess ... because the From address is not [EMAIL PROTECTED]?
>
> I thought the from rule worked on the envelope sender of the email and not the easily forged from header :(

You mean on the easily forged envelope sender instead of the easily forged from header? :)

Envelope sender is just as easily forged as the head from address, both are provided by the original SMTP sender...

*Everything* on an email is trivially forgeable except for the transit header added by the *final* mailserver, which includes the ip address of the server immediately prior to it.

Once you realise this, you can see how whitelisting is easy to fool... (and why spammers have a field day including bogus headers...)

Regards,
Simon

---
This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now!
http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click
___
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
Re: [SAtalk] Re: Having trouble coding a local rule
> Once you realise this, you can see how whitelisting is easy to fool...

Which is exactly why I didn't want a whitelisting solution, just a reduction in spam scoring.

--
Regards,
+-+-+
| Peter Kiem         .^.   | E-Mail: [EMAIL PROTECTED] |
| Zordah IT          /V\   | Mobile: +61 0414 724 766  |
| IT Consultancy    /( )\  | WWW   : www.zordah.net    |
| Internet Services ^^-^^  | ICQ   : Zordah 81         |
+-+-+
My current spamtrap address is [EMAIL PROTECTED]
[SAtalk] Re: Having trouble coding a local rule
Peter Kiem wrote:

> header LOCAL_GOOD_SENDER_11 From =~ /[EMAIL PROTECTED]/
> score LOCAL_GOOD_SENDER_11 -2.0
>
> Return-Path: [EMAIL PROTECTED]
> From: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
>
> Why isn't the local rule being activated?

Just a guess ... because the From address is not [EMAIL PROTECTED]?

You might try dropping the [EMAIL PROTECTED] part of the rule and you might have better luck.

Or, simply whitelist that domain in your user_prefs or local.cf.

david
Re: [SAtalk] Re: Having trouble coding a local rule
> Just a guess ... because the From address is not [EMAIL PROTECTED]?

I thought the from rule worked on the envelope sender of the email and not the easily forged from header :(

> You might try dropping the [EMAIL PROTECTED] part of the rule and you might have better luck.

Yeah I might do that. I like to try to be as explicit as possible.

> Or, simply whitelist that domain in your user_prefs or local.cf.

Preferably not as if someone does forge it, then the mail goes straight through...

Thanks for your help.

--
Regards,
Peter Kiem
Re: [SAtalk] Re: Having trouble coding a local rule
On Mon, Dec 29, 2003 at 10:44:24AM +1000, Peter Kiem wrote:

>> Just a guess ... because the From address is not [EMAIL PROTECTED]?
>
> I thought the from rule worked on the envelope sender of the email and not the easily forged from header :(
>
>> You might try dropping the [EMAIL PROTECTED] part of the rule and you might have better luck.
>
> Yeah I might do that. I like to try to be as explicit as possible.
>
>> Or, simply whitelist that domain in your user_prefs or local.cf.
>
> Preferably not as if someone does forge it, then the mail goes straight through...

Isn't that what whitelist_from_rcvd is for?

man Mail::SpamAssassin::Conf

--
Scott Lambert KC5MLE Unix SysAdmin
[EMAIL PROTECTED]
Re: [SAtalk] Re: Having trouble coding a local rule
Peter Kiem [EMAIL PROTECTED] wrote:

> I thought the from rule worked on the envelope sender of the email and not the easily forged from header :(

What makes you think the envelope sender isn't easily forged?

--
Keith C. Ivey [EMAIL PROTECTED]
Washington, DC
Re: [SAtalk] Re: Having trouble coding a local rule
>> Preferably not as if someone does forge it, then the mail goes straight through...
>
> Isn't that what whitelist_from_rcvd is for?
>
> man Mail::SpamAssassin::Conf

The point is I *DON'T* want to whitelist. I wanted just to lower the SA scores with a local rule.

--
Regards,
Peter Kiem
Re: [SAtalk] Re: Having trouble coding a local rule
> What makes you think the envelope sender isn't easily forged?

OK point taken, but from what I have seen the From headers are *usually* what are forged and not the envelope address.

--
Regards,
Peter Kiem
Re: [SAtalk] Re: Having trouble coding a local rule
On Mon, 29 Dec 2003, Peter Kiem wrote:

>>> Preferably not as if someone does forge it, then the mail goes straight through...
>>
>> Isn't that what whitelist_from_rcvd is for?
>>
>> man Mail::SpamAssassin::Conf
>
> The point is I *DON'T* want to whitelist. I wanted just to lower the SA scores with a local rule.

Actually, 'whitelist_from_rcvd' is the way to go, as it will only apply if -both- the From address and the DNS host name of the sending system match the rule.

However looking back at your first post I see that the DNS reverse map for the 'sneezy' system is FUBAR, so you cannot use it.

--
Dave Funk                                University of Iowa
dbfunk (at) engineering.uiowa.edu        College of Engineering
319/335-5751   FAX: 319/384-0549         1256 Seamans Center
Sys_admin/Postmaster/cell_admin          Iowa City, IA 52242-1527
#include std_disclaimer.h
Better is not better, 'standard' is better. B{
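
Added example, not part of any post in this thread and not SpamAssassin code: a Python sketch of the check the replies above describe, where a score reduction applies only when the From domain and the host recorded in the topmost Received header (the one written by the receiving server) both match. The names `TRUSTED_PAIRS`, `last_hop` and `score_adjustment`, the domains, and the `from HELO (rdns [ip])` Received layout are assumptions made for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical policy: sender domain -> reverse-DNS name its mail must arrive from.
TRUSTED_PAIRS = {"example.org": "mail.example.org"}
SCORE_ADJUST = -2.0  # a score reduction, not a whitelist entry

# Assumes the "from HELO (rdns [ip])" layout; other MTAs need another pattern.
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\((?P<rdns>[^\s\[\]]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")

def last_hop(raw):
    """(rdns, ip) from the topmost Received header, the one our own server wrote."""
    received = message_from_string(raw).get_all("Received") or []
    if not received:
        return None
    m = RECEIVED_RE.search(" ".join(received[0].split()))  # unfold first
    return ((m.group("rdns") or "").lower(), m.group("ip")) if m else None

def score_adjustment(raw):
    """Reduce the score only when From domain AND connecting host both match."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    expected = TRUSTED_PAIRS.get(addr.rpartition("@")[2].lower())
    hop = last_hop(raw)
    if not expected or not hop:
        return 0.0
    return SCORE_ADJUST if hop[0] == expected else 0.0

# Constructed sample messages (documentation addresses, not real traffic).
GENUINE = (
    "Received: from host1.example.org (mail.example.org [192.0.2.10])\n"
    "\tby mx.local.test (Postfix); Mon, 29 Dec 2003 10:00:00 +1000\n"
    "From: Alice <alice@example.org>\nSubject: report\n\nbody\n")
# Same From, plus a sender-supplied Received line that claims the trusted host.
FORGED = (
    "Received: from mail.example.org (unknown [198.51.100.7])\n"
    "\tby mx.local.test (Postfix); Mon, 29 Dec 2003 10:05:00 +1000\n"
    "Received: from host1.example.org (mail.example.org [192.0.2.10])\n"
    "\tby relay.invalid; Mon, 29 Dec 2003 10:04:00 +1000\n"
    "From: Alice <alice@example.org>\nSubject: report\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, last_hop(raw), score_adjustment(raw))
```

The host name compared here is whatever the receiving server's reverse lookup recorded, so a sending system with a broken reverse map never matches and gets no reduction.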
Re: [SAtalk] Re: Having trouble coding a local rule
At Mon Dec 29 01:30:45 2003, Peter Kiem wrote:

>> What makes you think the envelope sender isn't easily forged?
>
> OK point taken, but from what I have seen the From headers are *usually* what are forged and not the envelope address.

Spammers don't want any trace back to them, and they don't want bounces either. Where the envelope address exists and is deliverable, (a) it's a fluke that a legitimate address came out of their random address generator, or (b) it's a deliberate denial-of-service or other attack on someone they don't like.

Summary: with spam, trust nothing.

Martin

--
Martin Radford              |   Only wimps use tape backup: _real_
[EMAIL PROTECTED]           | men just upload their important stuff  -o)
Registered Linux user #9257 | on ftp and let the rest of the world   /\\
- see http://counter.li.org | mirror it ;)  - Linus Torvalds         _\_V
Re: [SAtalk] Re: Having trouble coding a local rule
Hi David,

> Actually, 'whitelist_from_rcvd' is the way to go, as it will only apply if -both- the From address and the DNS host name of the sending system match the rule.
>
> However looking back at your first post I see that the DNS reverse map for the 'sneezy' system is FUBAR, so you cannot use it.

Ahh ok, I'll have a closer look at that one then.

Thanks for your assistance :)

--
Regards,
Peter Kiem