Re: need a rule to whitelist spamassassin users group
From: David B Funk [EMAIL PROTECTED]
On Tue, 14 Dec 2004, Andy Norris wrote:
In that case, this leads to another question -- how, then, to reliably
whitelist eBay? I would imagine they are a big target of forgers? I
tried
def_whitelist_from_rcvd [EMAIL PROTECTED] ebay.com
but that didn't work. Now I just have
whitelist_from [EMAIL PROTECTED] yes
.
With those caveats, def_whitelist_from_rcvd works just fine, I've got
a local config file with hundreds of them to make sure that all sorts
of potentially troublesome messages get properly delivered (EG lists
like this one, Yahoo groups messages, Airline notices, etc).
FYI, whitelist_from_rcvd entry for this list looks like:
whitelist_from_rcvd [EMAIL PROTECTED] apache.org
By using the wild-card for the mail host ([EMAIL PROTECTED]) it works
for lots of apache.org projects lists. ;)
My eBay entries looks like:
def_whitelist_from_rcvd [EMAIL PROTECTED]ebay.com
def_whitelist_from_rcvd [EMAIL PROTECTED] ebay.com
def_whitelist_from_rcvd [EMAIL PROTECTED]emailebay.com
def_whitelist_from_rcvd [EMAIL PROTECTED] emailebay.com
Of course, for the spamassassin lists I found something like what I did
in procmail is best:
---9---
:0 fw: spamassassin.lock
* 25
* !^List-Id: .*(spamassassin\.apache.\org)
| /usr/bin/spamc -t 150
---9---
{^_^}
Re: need a rule to whitelist spamassassin users group
From: David B Funk [EMAIL PROTECTED]
On Tue, 14 Dec 2004, jdow wrote:
Of course, for the spamassassin lists I found something like what I did
in procmail is best:
---9---
:0 fw: spamassassin.lock
* 25
* !^List-Id: .*(spamassassin\.apache.\org)
| /usr/bin/spamc -t 150
---9---
{^_^}
Ahh, I see.
OK spammers, to blast Jane with spam just forge a spamassassin.apache.org
List-Id header in your messages. It'll then waltz right past her filter.
;)
The whole reason for the complexity of whitelist_from_rcvd is the
work that it does to make it immune to header forgeries.
That changes to another indicator or a set of indicators once the spammers
attempt that List-Id: thing. Meantime it is an easy trick.
{^_-}Joanne
RE: need a rule to whitelist spamassassin users group
whitelist_tousers@spamassassin.apache.org Will do it. -Original Message- From: Andy Norris [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 14, 2004 10:47 AM To: users@spamassassin.apache.org Subject: need a rule to whitelist spamassassin users group As the subject implies... what would be a good rule to use to make sure all this talk about spam doesn't end up in my spam trap? (I also need to whitelist the mailscanner list messages.) I'm just cutting my teeth on the rules writing gig. My first was to get all those jackrabb1t vlbrat0r5 out of my inbox ;-) Thanks very much, Andy
Re: need a rule to whitelist spamassassin users group
On Tuesday 14 December 2004 15:46, Andy Norris might have typed: As the subject implies... what would be a good rule to use to make sure all this talk about spam doesn't end up in my spam trap? Don't pass list mail through your scanning engine. Best whitelist there is, and it won't poison your Bayes.
Re: need a rule to whitelist spamassassin users group
Andy as you're using MailScanner, could do it in that ... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Andy Norris wrote: As the subject implies... what would be a good rule to use to make sure all this talk about spam doesn't end up in my spam trap? (I also need to whitelist the mailscanner list messages.) I'm just cutting my teeth on the rules writing gig. My first was to get all those jackrabb1t vlbrat0r5 out of my inbox ;-) Thanks very much, Andy ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
Re: need a rule to whitelist spamassassin users group
More to learn for me. I need to figure out how, then, not to pass list mail through the scanner. Thanks, Andy At 10:17 am 2004-12-14, you wrote: On Tuesday 14 December 2004 15:46, Andy Norris might have typed: As the subject implies... what would be a good rule to use to make sure all this talk about spam doesn't end up in my spam trap? Don't pass list mail through your scanning engine. Best whitelist there is, and it won't poison your Bayes.
RE: need a rule to whitelist spamassassin users group
Wouldn't the best options be to whitelist the sending server's IP address (209.237.227.199). FROM values can be forged, both in the e-mail and in the SMTP envelope. (Of course, we'd be in big trouble if the apache server were hacked or virus infected... but I'm assuming that the security there is top notch...) Rob McEwen
Re: need a rule to whitelist spamassassin users group
Andy look in the examples rule in your MailScanner rules directory... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 Andy Norris wrote: More to learn for me. I need to figure out how, then, not to pass list mail through the scanner. Thanks, Andy At 10:17 am 2004-12-14, you wrote: On Tuesday 14 December 2004 15:46, Andy Norris might have typed: As the subject implies... what would be a good rule to use to make sure all this talk about spam doesn't end up in my spam trap? Don't pass list mail through your scanning engine. Best whitelist there is, and it won't poison your Bayes. ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
RE: need a rule to whitelist spamassassin users group
In that case, this leads to another question -- how, then, to reliably whitelist eBay? I would imagine they are a big target of forgers? I tried def_whitelist_from_rcvd [EMAIL PROTECTED] ebay.com but that didn't work. Now I just have whitelist_from [EMAIL PROTECTED] yes With IP addresses is there a greater chance of the server (theirs) crashing, and now the whitelist doesn't account for the backup mail server? Or if a company uses more than one mail server... getting all the IPs? Is this just something I should email support at eBay for and see if they've got something of a canned response for this? Any ideas why my first whitelist_from_rcvd rule might not have worked? It's in a custom rules file I have (TireSwing.cf)... I linted, and all seemed fine?? Thanks, Andy At 11:32 am 2004-12-14, Rob McEwen wrote: Wouldn't the best options be to whitelist the sending server's IP address (209.237.227.199). FROM values can be forged, both in the e-mail and in the SMTP envelope. (Of course, we'd be in big trouble if the apache server were hacked or virus infected... but I'm assuming that the security there is top notch...) Rob McEwen
RE: need a rule to whitelist spamassassin users group
Andy Norris said: Or if a company uses more than one mail server... getting all the IPs? Is this just something I should email support at eBay for and see if they've got something of a canned response for this? You're kidding right? First, I seriously doubt they have a canned response for it. Then, what are the chances of the monkey hitting the keyboard hitting the right key to get you the response to fit your needs? I had a fairly lengthy exchange with eBay SafeHarbor once I should throw up on my website. Essentially, User1 posted all the contact information about User2 in a Stay away from User2 message to a newsgroup. I went to their appropriate form (a user published contact details of another member or something...) I mentioned that it was in a Usenet Newsgroup post, not an e-mail and then posted the usenet article, full headers and all. About 4 days later, I get a e-mail that in order to investigate, they need the full headers, and give examples of e-mail headers. I reply back that this is a USENET post, not e-mail, and reiterate the situation. I then another 4 days later get a e-mail that they will investigate User3 and thank me for the information. USER3??? WHO'S THAT?? I respond again for them to READ, and see that it's USER1 - don't even know who User3 is. I then get a reply thanking me, and that I may wish to Block User1 from e-mailing me again by using the filters in my e-mail program... The sound of my head hitting the desk was heard for miles.
