Matt Kettler wrote:
> Bob Proulx wrote:
> >  whitelist_from_rcvd [EMAIL PROTECTED] example.com
> 
> whitelist_from_rcvd [EMAIL PROTECTED] mymachine.example.com
> 
> where "mymachine.example.com" is some internal machine that spam won't 
> arrive from, but outbound nonspam will?

Unfortunately there are many hosts (in the thousands) which could
send non-spam mail in *.example.com.  So that does not work.

There are probably 20-30 hosts which are border machines which _may_
relay spam from the Internet to the local network.  Listing them out
would be hard.  Using wildcards might work.  Can wildcards be used in
the "mymachine.example.com" location above such as
"relay*.example.com"?  If so then perhaps (if this existed) a
blacklist_from_rcvd would work.

  whitelist *
  blacklist_from_rcvd [EMAIL PROTECTED] *relay*.example.com

Of course that is still not quite good even if blacklist_from_rcvd
actually existed.  The process looks interesting.  But it leaves out
the possibility that non-spam email might come from the border
machines.  And it misses out on the information as to whether there
were non-local domains in the received headers.

The one really telling sign is seeing a non-example.com machine in a
received header.  If this were shell I would 'grep -v example.com'
from the headers and if the result were nonzero then I would know it
came from outside the network.  Seeing a non-local domain in the
received header is equivalent to seeing only local domains in the
header.

Another nice wishlist item would be to check the IP addresses in the
received headers and check based upon CIDR addresses.  Anything with
an IP which is not one of the local networks would be suspect.

I think this might be something that procmail filters through perl
before spamassassin.  This could add a header to the mail which then
SA could score against.  I would rather do this all within SA,
though, since that is already hooked into the mail flow.

Bob


_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
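
The Received-header check wished for in the message above (a non-example.com host, or an IP outside the local networks), as an added example that is not part of the original post and not SpamAssassin code. The 10.0.0.0/8 range, the X-Received-Origin header name and both sample messages are assumptions constructed for illustration; host names are matched on the domain suffix rather than as a substring.

```python
import email
import ipaddress
import re
import sys

LOCAL_DOMAIN = "example.com"   # the domain used in the thread
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8",)]  # assumed range
HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

def is_local_host(name):
    name = name.lower().rstrip(".")
    return name == LOCAL_DOMAIN or name.endswith("." + LOCAL_DOMAIN)

def is_local_ip(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return False  # unparsable address literal: do not trust it
    return any(addr.version == n.version and addr in n for n in LOCAL_NETS)

def received_origin(raw):
    """Return ("internal" or "external", list of non-local items found)."""
    found = []
    for hop in email.message_from_string(raw).get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        found += ["host " + h for h in HOST_RE.findall(hop) if not is_local_host(h)]
        found += ["ip " + i for i in IP_RE.findall(hop) if not is_local_ip(i)]
    return ("external" if found else "internal"), found

def tag(raw):
    """Add the hypothetical X-Received-Origin header for a later rule to score."""
    msg = email.message_from_string(raw)
    msg["X-Received-Origin"] = received_origin(raw)[0]
    return msg.as_string()

# Constructed samples. FORGED claims a local HELO name, but the relay logged the real IP.
INTERNAL = ("Received: from pc17.example.com (pc17.example.com [10.1.2.3])\n"
            "\tby hub.example.com with ESMTP id A1; Tue, 22 Jul 2003 10:00:00 -0600\n"
            "Subject: lunch\n\nbody\n")
FORGED = ("Received: from mail.example.com (unknown [203.0.113.7])\n"
          "\tby relay1.example.com with SMTP id B2; Tue, 22 Jul 2003 10:05:00 -0600\n"
          "Subject: offer\n\nbody\n")

if __name__ == "__main__":
    sys.stdout.write(tag(sys.stdin.read()))  # usable as a procmail filter
```

Only the Received lines written by the site's own relays are trustworthy; anything below them is supplied by the sender, which is why the address the relay recorded in brackets matters more than the name the client announced.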