On 8/19/03 1:51 PM, "Bob Proulx" <[EMAIL PROTECTED]> wrote:
> Matt Kettler wrote:
>> Bob Proulx wrote:
>>> whitelist_from_rcvd [EMAIL PROTECTED] example.com
>>
>> whitelist_from_rcvd [EMAIL PROTECTED] mymachine.example.com
>>
>> where "mymachine.example.com" is some internal machine that spam won't
>> arrive from, but outbound nonspam will?
>
> Unfortunately there are many (in the thousands) of hosts which could
> send non-spam mail in *.example.com. So that does not work.
>
> There are probably 20-30 hosts which are border machines which _may_
> relay spam from the Internet to the local network. Listing them out
> would be hard. Using wildcards might work. Can wildcards be used in
> the "mymachine.example.com" location above such as
> "relay*.example.com"? If so then perhaps (if this existed) a
> blacklist_from_rcvd would work.
>
> whitelist *
> blacklist_from_rcvd [EMAIL PROTECTED] *relay*.example.com
>
> Of course that is still not quite good even if blacklist_from_rcvd
> actually existed. The process looks interesting. But it leaves out
> the possibility that non-spam email might come from the border
> machines. And it misses out on the information as to whether there
> were non-local domains in the received headers.
>
> The one really telling sign is seeing a non-example.com machine in a
> received header. If this were shell I would 'grep -v example.com'
> from the headers and if the result were nonzero then I would know it
> came from outside the network. Seeing a non-local domain in the
> received header is equivalent to seeing only local domains in the
> header.
>
> Another nice wishlist item would be to check the IP addresses in the
> received headers and check based upon CIDR addresses. Anything with
> an IP which is not one of the local networks would be suspect.
>
> I think this might be something that procmail filters through perl
> before spamassassin. This could add a header to the mail which then
> SA could score against. I would rather do this all within SA,
> though, since that is already hooked into the mail flow.
>
> Bob
Bob,
how do you have SA imeplemented at your site? this sounds like something
that's easily done with MIMEDefang (as a matter of fact, i have a routine in
my filter to skip SA checks for any origin on my LAN). but you'd have to be
using sendmail with milter support to use MIMEDefang.
alan
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
