On Tue, 27 Oct 2009, rpc1 wrote:
My spamassassin plug doesn't check mail where sender address and receiver
address are equal. Like this
Return-Path: <o...@domen.com>
X-Spam-Status: No, hits=0.0 required=3.2
tests=DNSBL_RELAYS.ORDB.ORG: 5.00,DNSBL_BL.SPAMCOP.NET:
5.00,DNSBL_SBL-XBL.SPAMHAUS.ORG: 5.00,
BAYES_99: 4.07,HELO_DYNAMIC_IPADDR2: 3.818,HTML_IMAGE_ONLY_32:
1.052,
HTML_MESSAGE: 0.001,MIME_HTML_ONLY: 0.001,NO_REAL_NAME: 0.961,
URIBL_AB_SURBL: 3.812,URIBL_JP_SURBL: 4.087,URIBL_OB_SURBL: 3.008,
URIBL_SBL: 1.639,URIBL_SC_SURBL: 4.498,URIBL_WS_SURBL: 2.14,
CUSTOM_RULE_FROM: ALLOW,TOTAL_SCORE: 44.087
X-Spam-Level:
Received: from 75-148-3-221-WashingtonDC.hfc.comcastbusiness.net
([75.148.3.221])
by mail.tvtb.ru
for o...@domen.com;
Sun, 25 Oct 2009 07:53:00 +1000
To: oper...@tvtb.ru
Subject: A path leading to your well-being
From: <o...@domen.com>
MIME-Version: 1.0
Importance: High
Content-Type: text/html
How can I create a new rule which will check equity fields TO and FROM ???
I would suggest that is not really what you want to do, as you'll rarely
see that on spam that isn't addressed to your domain. What you probably
want to do is reject mail that is claiming to be from your domain, but
does not actually originate from your domain - in other words, mail where
someone is forging your domain name on the sender address.
Is that a better description of what you want to do?
That has been covered several times, I am pretty sure within the last
month. Please check the list archives for the past two months for a thread
having a subject like "to = from". You'll find a discussion of setting up
an SPF record for your domain and using whitelist_from_auth to enforce it,
and another discussion (involving me) of using milter-regex to reject such
forged sender addresses at SMTP time. Both methods work well, I would
modestly say milter-regex works better because it bypasses SA and is thus
a lighter solution overall.
<mutter>Maybe I should throw a rule like that into the sandbox and see how
well it does...</mutter>
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...the Fates notice those who buy chainsaws...
-- www.darwinawards.com
-----------------------------------------------------------------------
4 days until Halloween