Adam Todd wrote:
> I've been getting heaps of false positives of late, SPAM is on the rise
> dramatically over 100% increase held pending as this time last year
> (around 1800 in seven days now in excess of 4500 in seven days)
>
> These are samples of the false positives. Anyone have any clues? The
> senders are NOT in my lists!

I think you mean false negatives - i.e. messages determined falsely not to be SPAM, when they in fact are. At least, I think that's the usual "order" of comparison!

> Date: Sat, 06 Jan 2007 23:04:38 +1100
> Sndr: [EMAIL PROTECTED]
> From: "Travis Williams" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subj: gold, the house and shall make thee unto: therefore my
> Actn: OK (from-file /home/at/.tmda/lists/confirmed ok) (18969)
>
> Date: Sat, 06 Jan 2007 16:25:15 +1100
> Sndr: (me)@(my domain name) <---- removed legitimate address
> From: "Ray" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subj: And as a man, hardeneth took Agag the word of the Lord thy nose and not
> Actn: OK (from-file /home/at/.tmda/lists/confirmed ok) (18053)

It looks like the SPAMmer is forging the envelope sender to be your address (rather than the FROM header value). You should configure your SMTP server such that any email that has an envelope sender in your domain(s) is rejected.

Then, you need to enable authenticated users to override this restriction, so your internal users can still send out email via your mail servers (and only your mail servers). This could be done via STARTTLS and AUTH on your primary SMTP port, or using a separate SMTP server (tmda-ofmipd could be used, or a separate instance of your existing SMTP server).

_____________________________________________
tmda-users mailing list (tmda-users@tmda.net)
http://tmda.net/lists/listinfo/tmda-users
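
The rule suggested in the reply above, sketched as a decision made at MAIL FROM time. This is an added example, not part of the original message and not TMDA or any mail server's own code. LOCAL_DOMAINS, the function names and the reply strings are hypothetical, the `authenticated` flag stands in for a completed SMTP AUTH, and treating subdomains as local is an assumption.

```python
import re

# Assumption: placeholder for the domain(s) this server accepts mail for.
LOCAL_DOMAINS = {"example.org"}

_MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.IGNORECASE)

def envelope_sender(mail_from_line):
    """Address inside MAIL FROM:<...>, or None if the command is malformed.
    This is the envelope sender, independent of the From: header."""
    m = _MAIL_FROM.match(mail_from_line.strip())
    return m.group(1) if m else None

def sender_domain(address):
    """Lower-cased domain part; '' for the null sender <> used by bounces."""
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].rstrip(".").lower()

def is_local(domain):
    """True for a hosted domain or (assumption) any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)

def decide(mail_from_line, authenticated):
    """Reject a local envelope sender unless the client has authenticated."""
    sender = envelope_sender(mail_from_line)
    if sender is None:
        return "501 malformed MAIL FROM"
    if is_local(sender_domain(sender)) and not authenticated:
        return "550 local sender requires authentication"
    return "250 OK"

# Constructed sessions: (MAIL FROM command, did the client complete AUTH?)
SESSIONS = [
    ("MAIL FROM:<at@example.org>", False),        # forged local sender
    ("MAIL FROM:<at@example.org>", True),         # internal user after AUTH
    ("MAIL FROM:<x@MAIL.Example.ORG.>", False),   # case and trailing dot
    ("MAIL FROM:<ray@notexample.org>", False),    # look-alike, not local
    ("MAIL FROM:<>", False),                      # bounce, null sender
]

if __name__ == "__main__":
    for line, authed in SESSIONS:
        print(f"{line!r:40} auth={authed!s:5} -> {decide(line, authed)}")
```

The null sender is let through so that bounces still arrive; only an unauthenticated claim to be a local sender is refused.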