Liam-PrintingAutomation wrote:
I'm noticing we're getting a lot of spam coming through with a from
address of our own domain. This gives spamassassin an automatic -100 on
the score pretty much guaranteeing that it'll not get flagged as spam.
Since we have a limited number of people using that domain, is there a
way to tell spamassassin to block or at least give a really bad score ot
any email with a FROM as coming from our domain but is not a user (left
of @ sign) that isn't one of these X addresses?
Thanks for any advice!
Liam
Presumably this is because you've whitelisted your whole domain. For
example:
whitelist_from [EMAIL PROTECTED]
but some more information as to exactly how these mails are being
assigned -100 would be useful. Assuming the above, IMHO this is a Bad
Idea for the reasons you've just discovered.
If you're going to whitelist like this, maybe try *only* whitelisting
legitimate accounts:
whitelist_from [EMAIL PROTECTED]
whitelist_from [EMAIL PROTECTED]
etc...
which would achieve what you've asked for.
Personally, I don't whitelist any of my domains and just leave SA to get
on with it and scan my mail as normal. If I get any problematic mails
then I add a rule on a case by case basis (usually a meta rule). For
example, if the MD always sends a "monthly sales figures" mail that gets
snagged by SA I'd write a meta rule to detect mail from the MD with the
subject containing "monthly sales figures" and give it a negative score
as appropriate.
Other measures like SPF would allow you to specify servers allowed to
send mail for your domain(s) but they're not going to help when a
whitelisting score of -100 is arbitrarily applied to all mails.
