John Hardin schrieb:
On Tue, 27 Oct 2009, rpc1 wrote:
My spamassassin plug doesn't check mail where sender address and receiver
address are equal. Like this
Return-Path: <o...@domen.com>
X-Spam-Status: No, hits=0.0 required=3.2
tests=DNSBL_RELAYS.ORDB.ORG: 5.00,DNSBL_BL.SPAMCOP.NET:
5.00,DNSBL_SBL-XBL.SPAMHAUS.ORG: 5.00,
BAYES_99: 4.07,HELO_DYNAMIC_IPADDR2: 3.818,HTML_IMAGE_ONLY_32:
1.052,
HTML_MESSAGE: 0.001,MIME_HTML_ONLY: 0.001,NO_REAL_NAME: 0.961,
URIBL_AB_SURBL: 3.812,URIBL_JP_SURBL: 4.087,URIBL_OB_SURBL: 3.008,
URIBL_SBL: 1.639,URIBL_SC_SURBL: 4.498,URIBL_WS_SURBL: 2.14,
CUSTOM_RULE_FROM: ALLOW,TOTAL_SCORE: 44.087
X-Spam-Level:
Received: from 75-148-3-221-WashingtonDC.hfc.comcastbusiness.net
([75.148.3.221])
by mail.tvtb.ru
for o...@domen.com;
Sun, 25 Oct 2009 07:53:00 +1000
To: oper...@tvtb.ru
Subject: A path leading to your well-being
From: <o...@domen.com>
MIME-Version: 1.0
Importance: High
Content-Type: text/html
How can I create a new rule which will check equity fields TO and
FROM ???
I would suggest that is not really what you want to do, as you'll rarely
see that on spam that isn't addressed to your domain. What you probably
want to do is reject mail that is claiming to be from your domain, but
does not actually originate from your domain - in other words, mail
where someone is forging your domain name on the sender address.
Is that a better description of what you want to do?
That has been covered several times, I am pretty sure within the last
month. Please check the list archives for the past two months for a
thread having a subject like "to = from". You'll find a discussion of
setting up an SPF record for your domain and using whitelist_from_auth
to enforce it, and another discussion (involving me) of using
milter-regex to reject such forged sender addresses at SMTP time. Both
methods work well, I would modestly say milter-regex works better
because it bypasses SA and is thus a lighter solution overall.
<mutter>Maybe I should throw a rule like that into the sandbox and see
how well it does...</mutter>
If you do not like SPF and you do not have remote users who are allowed
to send mail with local domain you can add a rule to header checks.
e.g Postfix :
/etc/postfix/header_checks :
/^From:.*example\.com/ REJECT
Cheers
Ralph
