On 30-Aug-06, at 11:41 PM, Rick Roe wrote:
I get a lot of spam whose From addresses are users that don't exist on my system (random names like [EMAIL PROTECTED], [EMAIL PROTECTED], etc). I recently set up a scheme to manually blacklist all From addresses on my domains and un-blacklist the fifty or so "real" addresses mail can legitimately come from (the system aliases like postmaster, daemon, and so forth, and a small handful of real users each with a handful of aliases), using blacklist_from and unblacklist_from in the local config file.This is a rather fragile system, though -- anytime I go to add any new users or aliases, I'll have to edit my local.cf files to match. My user population is rather static, so it's not a big deal, but it seems like there should be a simpler, more automatic way to do this. Am I missing something?
SPF will address this at the MTA. Depending on your MTA you may be able to address this by checking against the user database but I wouldn't do it in SpamAssasin. It's a content filter, it shouldn't be verifying user accounts for this purpose.
-- Gino Cerullo Pixel Point Studios 21 Chesham Drive Toronto, ON M3M 1W6 416-247-7740
smime.p7s
Description: S/MIME cryptographic signature