On Thu, 16 Sep 2004, David B Funk wrote:
On Wed, 15 Sep 2004, Dan Mahoney, System Admin wrote:
[snip..]Guys,
Given that some spammers like to just slam mail at everyone at an entire domain, is there an option to "greylist" these addresses?
For example, my father's wife peggy has the domain peggytaggart.com, she ONLY gives out the peggy@ email address for this.(What's really annoying is that sendmail doesn't log the ip of the remote connection until it's done (if you're blocking them) -- I'd love to be able to create an RBL on this and nip it in the bud).
This is a sendmail config issue. Just up the "LogLevel" a few notches. Then it will add log entries for every connection opening (as well as other stuff).
However, while spamassassin seems to have whitelist_to (and I could whitelist_to [EMAIL PROTECTED]), this defeats any other spamassassin tactics. I could also do blacklist_to herdomain.com but this would effectively LIMIT her real mail. I guess what I'm looking to know is if there's any way for users who get all the mail for a specific domain (like she does) to list which ones are "real" (but still may get spam), and which ones aren't (so they're likely definitely spam).
Just write a custom rule, so that if the 'To:' contains "@peggytaggart.com" but isn't "[EMAIL PROTECTED]" then hit.
Also, wouldn't it be a good idea for SpamAssassin to start going off on multiple emails to the same domain from the same address/ip?
Potentially really bad idea. For example our central admin likes to send out periodic notices to groups of students (one message, one source, thousands of recipients). They would -not- be amused if it were tagged by SA.
Which is where whitelist_from_recvd would come in. Your central admin, I'm sure, is within your mail sphere, and you would probably want to accept mail from him, even *if* he's sending out an email about generic viagra. However, this would also not apply in the situation I'm talking about, because the preference I'm looking for is per-user:
I have a header inserted, the X-Envelope-To: header, that makes it apparent where mail is being sent. Spamassassin could check this and work on it. It doesn't even have to be a scoring rule, it could simply work to report the ip, for future refusal by sendmail.
I'm not saying that this is a good rule for everyone, but I've always believed rulesets, much like bayes databases, are isomorphic.
This is a rule that would best suit those people who receive mail for an entire domain. Since procmail runs as *them*, it would have to keep a table of recipients, and source ip addresses in the same way it maintains their bayes databases.
-Dan
--
"Your future hasn't been written yet; no one's has. So make it a good one!"
-"Doc" Emmet L. Browne, Back to the Future III
--------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------
