Yesy you're rigth . "Most large domains have separate MTA's for sending and receiving mail". i will try Whitelist_from_rcvd as soon as possible
Matt Kettler <[EMAIL PROTECTED]> wrote: Gokhan ALKAN wrote: > > I have received some mails that from domain and return-path domain > is different and from domain is in whitelist nowadays. So > spamassassin decide mail that is ham . because of user_in_whilist rule. Rule 1: DO NOT use whitelist_from unless you have NO other options. Use whitelist_from_rcvd or whitelist_from_spf instead. Whitelist_from is an evil hack of last resort. Rule 2: this is particularly important for your own domain, as this is an obvious target for spammers to try. These alternate versions require more than just a From: or Return-Path: header match to cause whitelisting. Whitelist_from_rcvd will match a combination of a From: header, and has a second parameter that will check the reverse-dns lookup of the host delivering it to a trusted mailserver. whitelist_from_spf will use SPF records, and will only match if the mail is also sent by a server that passes the SPF records of the domain. > > can i block this spam that check mx records as from domain and compare > sender ip address ? But why would that be effective? Most large domains have separate MTA's for sending and receiving mail, thus none of their mail will come from a MTA that matches the MX record. This feature would only be useful for small-shops, and only if you know for sure the small shop uses the "one server does it all" setup, and that you know the admin will call you and let you know if he decides to change it. My work domain serves a reasonably small population of users, but for quite a while had a separate sending and receiving MTA. However, I recently folded that back in on one host, but might split it back out at any moment. --------------------------------- Be a PS3 game guru. Get your game face on with the latest PS3 news and previews at Yahoo! Games.
