On Sun, January 29, 2006 4:42 pm, jdow said:
> From: <[EMAIL PROTECTED]>
>>
>> On Sun, January 29, 2006 12:50 am, jdow said:
>>> From: <[EMAIL PROTECTED]>
>>>
>>>> In my setup (SA 3.1.0) I've done some tweaking here and there, but I'm
>>>> not expert enough, nor smart enough to understand the cryptic nature of
>>>> PHP (cryptic to me, at least) and the SA rules.
>>>>
>>>> When an email is spoofed as being from me and to me, the score is -100
>>>> (+- the other rules caught) as being in the whitelist. I have a database
>>>> of email users of about 4000 and wrote a script that goes through them on
>>>> command and builds my whitelist.
>>>>
>>>> I'm on Redhat v8.0, PHP v4.2.2-8.0.5, sendmail v8.12.5-7
>>>
>>> 1) It's whitelist_from_rcvd you want.
>>> 2) It should not be necessary to whitelist your own site. If it is then
>>>    investigate what aspects of your email load are causing the hits. Then
>>>    take the proper remedial action.
>>
>> Okay, I've looked at whitelist_from_rcvd and added for email addresses on
>> my site. The format I'm using is:
>>
>> whitelist_from_rcvd  [EMAIL PROTECTED]  mydomain.com
>>
>> I'll watch and see if any more of these fail to get tagged as spam.
>>
>> I'm confused on how to take proper remedial action because I'm not sure
>> what to look for on item #2 above. Please point me in the right direction
>> and I'll get the rest of the work myself.
>
> Do you see ALL_TRUSTED in all or most of the email received? If so your
> trust path is toast and many of the header consistency checks won't work
> right. As far as other issues, my brain's not functioning well at the
> moment. Migraines do that to me. But I do note that it's fairly obvious
> when an email has forged an Earthlink address. So perhaps catching it
> here is easier than for you. I do not have anything at Earthlink whitelisted
> at all. But then, the ALL_TRUSTED which honest Earthlink.net email gets
> is an effective whitelist, anyway. I don't mind that most of the Earthlink
> sales offers and such get clobbered by the spam filtering. {^_-}

There aren't ever any ALL_TRUSTED entries in my headers. I've been very
careful to tune that as accurately as I can. I'm behind a dual-homed Linux
firewall which is behind a NATted Cisco gateway router, so it was a
trial-and-error process. I still am not completely confident it's right.

Currently I have:

clear_trusted_networks
internal_networks       127/8 10/8 172.20.20/24
trusted_networks        172.20.20.2 10.0.0.1 127.0.0.1 My.Pub.lic.IP
dns_available           test: mydomain.com

Karl

>
> {^_^}
>
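
Added example, not part of the original thread and not SpamAssassin's own code: the SpamAssassin configuration documentation describes internal_networks as a subset of trusted_networks, and this Python sketch checks that relationship for settings like the ones quoted in the message. It assumes IPv4 entries without "!" exclusions; the function names are this example's own and 203.0.113.10 is a placeholder for the redacted public address.

```python
import ipaddress

# Constructed from the settings quoted in the message above; the poster's
# redacted public address is replaced by a placeholder (203.0.113.10).
SAMPLE_CONF = """\
clear_trusted_networks
internal_networks       127/8 10/8 172.20.20/24
trusted_networks        172.20.20.2 10.0.0.1 127.0.0.1 203.0.113.10
"""

def parse_net(token):
    """Expand SpamAssassin IPv4 shorthand ('10/8', '172.20.20/24', '10.0.0.1')."""
    addr, _, mask = token.partition("/")
    octets = [o for o in addr.split(".") if o]
    if not mask:
        # No /mask: the octets actually given set the prefix (4 octets = one host).
        mask = str(8 * len(octets))
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + mask, strict=False)

def load_networks(conf_text):
    """Collect both network lists, honouring clear_* lines in file order."""
    nets = {"internal_networks": [], "trusted_networks": []}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        key = fields[0]
        if key in nets:
            nets[key] += [parse_net(t) for t in fields[1:]]
        elif key.startswith("clear_") and key[len("clear_"):] in nets:
            nets[key[len("clear_"):]] = []
    return nets

def uncovered_internal(nets):
    """Internal entries that no single trusted_networks entry contains."""
    return [n for n in nets["internal_networks"]
            if not any(n.subnet_of(t) for t in nets["trusted_networks"])]

if __name__ == "__main__":
    for net in uncovered_internal(load_networks(SAMPLE_CONF)):
        print("internal but not trusted:", net)
```

Any entry it reports is treated as internal without being covered by the trusted list, which `spamassassin --lint` is the authoritative tool to confirm.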