On 8/19/03 1:51 PM, "Bob Proulx" <[EMAIL PROTECTED]> wrote:

> Matt Kettler wrote:
>> Bob Proulx wrote:
>>>  whitelist_from_rcvd [EMAIL PROTECTED] example.com
>> 
>> whitelist_from_rcvd [EMAIL PROTECTED] mymachine.example.com
>> 
>> where "mymachine.example.com" is some internal machine that spam won't
>> arrive from, but outbound nonspam will?
> 
> Unfortunately there are many (in the thousands) of hosts which could
> send non-spam mail in *.example.com.  So that does not work.
> 
> There are probably 20-30 hosts which are border machines which _may_
> relay spam from the Internet to the local network.  Listing them out
> would be hard.  Using wildcards might work.  Can wildcards be used in
> the "mymachine.example.com" location above such as
> "relay*.example.com"?  If so then perhaps (if this existed) a
> blacklist_from_rcvd would work.
> 
> whitelist *
> blacklist_from_rcvd [EMAIL PROTECTED] *relay*.example.com
> 
> Of course that is still not quite good even if blacklist_from_rcvd
> actually existed.  The process looks interesting.  But it leaves out
> the possibility that non-spam email might come from the border
> machines.  And it misses out on the information as to whether there
> were non-local domains in the received headers.
> 
> The one really telling sign is seeing a non-example.com machine in a
> received header.  If this were shell I would 'grep -v example.com'
> from the headers and if the result were nonzero then I would know it
> came from outside the network.  Seeing a non-local domain in the
> received header is equivalent to seeing only local domains in the
> header.
> 
> Another nice wishlist item would be to check the IP addresses in the
> received headers and check based upon CIDR addresses.  Anything with
> an IP which is not one of the local networks would be suspect.
> 
> I think this might be something that procmail filters through perl
> before spamassassin.  This could add a header to the mail which then
> SA could score against.  I would rather do this all within SA,
> though, since that is already hooked into the mail flow.
> 
> Bob


Bob,

 how do you have SA imeplemented at your site? this sounds like something
that's easily done with MIMEDefang (as a matter of fact, i have a routine in
my filter to skip SA checks for any origin on my LAN).  but you'd have to be
using sendmail with milter support to use MIMEDefang.


alan



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to