On Wed, Jul 03, 2002 at 09:18:41PM -0500, Richie Laager wrote:
| We're running SA on a couple of boxes to spam filter mail.
| MIMEDefang is used as the filtering agent, which bounces
| messages above 7 points. As these machines are gateways for
| incoming mail only, would it be a good idea to blacklist our
| domains? I'm thinking that nobody should be sending messages
| with a from address that is within our domains. I did some
| checking, and only spammy-looking domains would trigger this,
| with one exception: miles.ebay.com. Any thoughts?

I am 'user1' at your domain. I have a .forward file that directs mail to '[EMAIL PROTECTED]' (not your domain). That address has a .forward that ends up delivering the message to 'user2' at your domain. Oops, you just blacklisted my legit mail.

Other similar legit and reasonable scenarios exist. Suppose I have an address at your domain, but I forward mail to a different machine where I read it. Some user at your domain sends me a message, then I "bounce" (in mutt terms) the message to a third user at your domain. In that case the envelope sender (which SA doesn't see) was the outside address, but the From: was the original sender from your domain.

On the surface it sounds like a good idea, but when you get a bit deeper it isn't really practical. Maybe a not-too-high scoring rule for those messages would be acceptable, but that's for you to decide.

-D

--
A mouse is a device used to point at the xterm you want to type in.
    --Kim Alm, a.s.r

http://dman.ddts.net/~dman/
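
The trade-off discussed in the reply above, as an added example that is not part of the original message: a filter that keys on a local-domain From: header, applied once as a blacklist and once as a modest scoring rule, against the 7-point bounce threshold from the question. The domain names, the sample messages, and the 100.0 and 2.0 score values are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAINS = {"example.org"}  # assumption: stands in for "our domains"
BOUNCE_THRESHOLD = 7.0           # from the post: messages above 7 points bounce
BLACKLIST_SCORE = 100.0          # assumption: a blacklist hit swamps all other rules
SOFT_SCORE = 2.0                 # assumption: a "not-too-high scoring rule"

def from_is_local(raw):
    """True when the From: header address is in one of our domains."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() in LOCAL_DOMAINS

def verdict(raw, other_points, local_from_score):
    """Return (total, bounced) for a message that already scored other_points."""
    total = other_points + (local_from_score if from_is_local(raw) else 0.0)
    return total, total > BOUNCE_THRESHOLD

# Constructed sample: a local user wrote to reader@example.org, whose mail is
# forwarded off-site; the reader then re-sent ("bounced" in mutt terms) it to
# user2@example.org. From: still names the local author.
RESENT = """\
From: user1@example.org
To: reader@example.org
Resent-From: reader@elsewhere.example
Resent-To: user2@example.org
Subject: meeting notes

See attached.
"""

# Constructed sample: a message with a forged local From: that other rules
# have already scored just under the threshold.
FORGED = """\
From: "Admin" <admin@example.org>
To: user2@example.org
Subject: BUY NOW

Click here.
"""

if __name__ == "__main__":
    for name, raw, pts in (("resent", RESENT, 0.5), ("forged", FORGED, 6.0)):
        print(name, "blacklist:", verdict(raw, pts, BLACKLIST_SCORE),
              "soft rule:", verdict(raw, pts, SOFT_SCORE))
```

With the soft rule the legitimate re-sent message stays well under the threshold, while the forged message is still bounced because the rule only adds to evidence from other checks.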