Re: Rule(s) to tie From and To addresses together?

2007-11-26 Thread Tom Wheeler
Thanks, Matt.  That seems to be the type of rule I was looking for.

On Nov 26, 2007 8:02 AM, Matt Kettler <[EMAIL PROTECTED]> wrote:

> The following greylist.conf would do what you want:
> ---
> acl whitelist from [EMAIL PROTECTED] rcpt [EMAIL PROTECTED]
> acl blacklist rcpt [EMAIL PROTECTED]
> acl whitelist default
> ---
>
> Since the rules get applied in-order and the first match wins, the first
> rule will allow mail from your bank, while the second will 5xx anything
> else sent to that address.
>
> There's even examples of combining from and rcpt into a single
> statement, and if you want to, you could tack on domain or addr to restrict
> the hostname or IP address of the sending server.
>
> If you wanted to make it work for "anyone" at mybank.com you can switch
> to a regex for the from part:
>
> acl whitelist from /@mybank\.com/ rcpt [EMAIL PROTECTED]
>
>

-- 
Tom Wheeler
http://www.tomwheeler.com/


Re: Rule(s) to tie From and To addresses together?

2007-11-26 Thread Matt Kettler
mouss wrote:
> Mike Kenny wrote:
>>
>>
>> I hope to use this to cut down on spam and phishing attempts, because
>> I could identify legitimate mail by virtue of having the correct
>> sender address (or at least domain) and recipient. That is, mail from
>> [EMAIL PROTECTED] to the [EMAIL PROTECTED] is very likely mail
>> from my bank, but mail from [EMAIL PROTECTED] to that same address
>> is not.  Likewise, mail from [EMAIL PROTECTED] to [EMAIL PROTECTED]
>> is invalid.
>>
>>
>> Won't greylisting fulfill most of the requirements here?
>
> No. greylisting will not block mail from real MTAs that retry, unless
> they have been block listed in the meantime.
>
Greylisting may not fulfill it exactly, but milter-greylist can.

Despite being designed for greylisting, it has a powerful ACL language
for white, black, or greylisting hosts. You can also not greylist at all
by not declaring any greylist statements and making the "default action"
acl a whitelist.

The following greylist.conf would do what you want:
---
acl whitelist from [EMAIL PROTECTED] rcpt [EMAIL PROTECTED]
acl blacklist rcpt [EMAIL PROTECTED]
acl whitelist default
---

Since the rules get applied in-order and the first match wins, the first
rule will allow mail from your bank, while the second will 5xx anything
else sent to that address.

There's even examples of combining from and rcpt into a single
statement, and if you want to, you could tack on domain or addr to restrict
the hostname or IP address of the sending server.

If you wanted to make it work for "anyone" at mybank.com you can switch
to a regex for the from part:

acl whitelist from /@mybank\.com/ rcpt [EMAIL PROTECTED]


Now, that assumes you use sendmail or postfix, (ie: you can use
sendmail-style milters with your MTA.)

You might also be able to get milter-regex to do something like this,
but I've not used it before..
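
Added example, not part of Matt's message and not milter-greylist code: a small Python model of the first-match-wins ACL above, showing what rule order and regex anchoring change. It assumes the /regex/ is applied as an unanchored search and that addresses are compared without angle brackets; `bank-alias@example.net` and the sample senders are constructed, since the thread's real addresses are redacted.

```python
import re

# Constructed recipient alias; the thread's real addresses are redacted.
BANK_ALIAS = "bank-alias@example.net"

def _matches(pattern, value):
    """None matches anything, a compiled regex is searched, a string must be equal."""
    if pattern is None:
        return True
    if isinstance(pattern, re.Pattern):
        return pattern.search(value) is not None  # unanchored unless the regex anchors itself
    return pattern.lower() == value.lower()

def evaluate(acl, sender, rcpt):
    """Return the action of the first rule whose from and rcpt clauses both match."""
    for action, from_pat, rcpt_pat in acl:
        if _matches(from_pat, sender) and _matches(rcpt_pat, rcpt):
            return action
    raise ValueError("ACL has no default rule")

def build_acl(from_pattern):
    """The three rules from the message, with the from clause supplied by the caller."""
    return [
        ("whitelist", from_pattern, BANK_ALIAS),  # acl whitelist from ... rcpt ...
        ("blacklist", None, BANK_ALIAS),          # acl blacklist rcpt ...
        ("whitelist", None, None),                # acl whitelist default
    ]

LOOSE = build_acl(re.compile(r"@mybank\.com"))    # regex as posted
STRICT = build_acl(re.compile(r"@mybank\.com$"))  # anchored to the end of the address
REORDERED = [STRICT[1], STRICT[0], STRICT[2]]     # blacklist rule moved to the top

# Constructed envelope sender/recipient pairs.
CASES = [
    ("alerts@mybank.com", BANK_ALIAS),               # the bank writing to its alias
    ("promo@bulk.example", BANK_ALIAS),              # anyone else using the alias
    ("alerts@mybank.com.bulk.example", BANK_ALIAS),  # domain that only contains the string
    ("friend@example.org", "me@example.net"),        # unrelated mail, hits the default
]

def demo():
    """Return (sender, loose, strict, reordered) verdicts for every constructed case."""
    return [(s, evaluate(LOOSE, s, r), evaluate(STRICT, s, r), evaluate(REORDERED, s, r))
            for s, r in CASES]

if __name__ == "__main__":
    for row in demo():
        print(*row, sep="  ")
```

With the blacklist rule first, even the bank's own mail to the alias is rejected, and only the anchored regex keeps a sender domain that merely contains `@mybank.com` from being whitelisted.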








Re: Rule(s) to tie From and To addresses together?

2007-11-26 Thread mouss

Mike Kenny wrote:
>
> I hope to use this to cut down on spam and phishing attempts, because
> I could identify legitimate mail by virtue of having the correct
> sender address (or at least domain) and recipient. That is, mail from
> [EMAIL PROTECTED] to the [EMAIL PROTECTED] is very likely mail
> from my bank, but mail from [EMAIL PROTECTED] to that same address
> is not.  Likewise, mail from [EMAIL PROTECTED] to [EMAIL PROTECTED]
> is invalid.
>
> Won't greylisting fulfill most of the requirements here?

No. greylisting will not block mail from real MTAs that retry, unless
they have been block listed in the meantime.


Re: Rule(s) to tie From and To addresses together?

2007-11-25 Thread Mike Kenny
>
>
> I hope to use this to cut down on spam and phishing attempts, because
> I could identify legitimate mail by virtue of having the correct
> sender address (or at least domain) and recipient. That is, mail from
> [EMAIL PROTECTED] to the [EMAIL PROTECTED] is very likely mail
> from my bank, but mail from [EMAIL PROTECTED] to that same address
> is not.  Likewise, mail from [EMAIL PROTECTED] to [EMAIL PROTECTED]
> is invalid.
>

Won't greylisting fulfill most of the requirements here?


RE: Rule(s) to tie From and To addresses together?

2007-11-23 Thread Robert - elists
> 
> Not exactly, just looking to set up a rule that says (per the earlier
> example) any mail to [EMAIL PROTECTED] that is *not* coming from
> mybank.com is almost certainly spam.  Likewise, I would like to set up
> a rule to say that mail from [EMAIL PROTECTED] to that address is
> more likely (but not certain) to be legitimate.

Hm well it appears to me that you just need to check the many sending
domains that you will be recv from for spf and dkim records etc and put in
appropriate .cf file language

Maybe you need to use some external to SA rules like SARE or enable some
plugins.

Depends on your SA setup.

Otherwise, I think just let SA do its job.

 - rh



Re: Rule(s) to tie From and To addresses together?

2007-11-23 Thread Tom Wheeler
> What else would you want to do?
>
> ...surely not blanket whitelisting eh?

Not exactly, just looking to set up a rule that says (per the earlier
example) any mail to [EMAIL PROTECTED] that is *not* coming from
mybank.com is almost certainly spam.  Likewise, I would like to set up
a rule to say that mail from [EMAIL PROTECTED] to that address is
more likely (but not certain) to be legitimate.


RE: Rule(s) to tie From and To addresses together?

2007-11-23 Thread Robert - elists

> 
> As part of my efforts to track and control spam, I bought a domain and
> created a unique alias to give to every distinct company with which I
> do business.  For example, the address I gave to my bank might be
> [EMAIL PROTECTED], while the one I gave to an online bookseller
> might be [EMAIL PROTECTED]
> 
> I hope to use this to cut down on spam and phishing attempts, because
> I could identify legitimate mail by virtue of having the correct
> sender address (or at least domain) and recipient. That is, mail from
> [EMAIL PROTECTED] to the [EMAIL PROTECTED] is very likely mail
> from my bank, but mail from [EMAIL PROTECTED] to that same address
> is not.  Likewise, mail from [EMAIL PROTECTED] to [EMAIL PROTECTED]
> is invalid.
> 
> Is there any way to set up spamassassin rules to mark messages on this
> basis?  Apologies in advance if this has come up before, but I had a
> hard time thinking of keywords to search the archives.

Just let spamassassin do its job.

Yet, there are options like checking the sending domains for spf records and
other such identifiers and putting in appropriate entries in a .cf file in
the correct place on your server(s).

What else would you want to do?

...surely not blanket whitelisting eh?

 - rh



Rule(s) to tie From and To addresses together?

2007-11-23 Thread Tom Wheeler
As part of my efforts to track and control spam, I bought a domain and
created a unique alias to give to every distinct company with which I
do business.  For example, the address I gave to my bank might be
[EMAIL PROTECTED], while the one I gave to an online bookseller
might be [EMAIL PROTECTED]

I hope to use this to cut down on spam and phishing attempts, because
I could identify legitimate mail by virtue of having the correct
sender address (or at least domain) and recipient. That is, mail from
[EMAIL PROTECTED] to the [EMAIL PROTECTED] is very likely mail
from my bank, but mail from [EMAIL PROTECTED] to that same address
is not.  Likewise, mail from [EMAIL PROTECTED] to [EMAIL PROTECTED]
is invalid.

Is there any way to set up spamassassin rules to mark messages on this
basis?  Apologies in advance if this has come up before, but I had a
hard time thinking of keywords to search the archives.