On Sun, January 29, 2006 9:09 pm, jdow said:
> From: <[EMAIL PROTECTED]>
>>
>> On Sun, January 29, 2006 4:42 pm, jdow said:
> ...
>>> Do you see ALL_TRUSTED in all or most of the email received? If so
>>> your trust path is toast and many of the header consistency checks
>>> won't work right. As far as other issues, my brain's not functioning
>>> well at the moment. Migraines do that to me. But I do note that it's
>>> fairly obvious when an email has forged an Earthlink address. So
>>> perhaps catching it here is easier than for you. I do not have
>>> anything at Earthlink whitelisted at all. But then, the ALL_TRUSTED
>>> which honest Earthlink.net email gets is an effective whitelist,
>>> anyway. I don't mind that most of the Earthlink sales offers and such
>>> get clobbered by the spam filtering. {^_-}
>>
>> There aren't ever any ALL_TRUSTED entries in my headers. I've been very
>> careful to tune that as accurately as I can. I'm behind a dual-homed
>> Linux firewall which is behind a NATted Cisco gateway router, so it was
>> a trial-and-error process. I still am not completely confident it's
>> right.
>>
>> Currently I have:
>>
>> clear_trusted_networks
>> internal_networks 127/8 10/8 172.20.20/24
>> trusted_networks 172.20.20.2 10.0.0.1 127.0.0.1 My.Pub.lic.IP
>> dns_available test: mydomain.com
>
> OK, do you in fact see messages from your own domain triggering as spam?
> If so check the rules that triggered. Maybe they are not well suited for
> the demands of your particular domain. You may need to override some
> scores or remove some rule sets. Or if somebody internally is spamming
> then it might be wise to turn them off. I treat whitelist and its kith
> and kin as an admission that a site may be spammy in nature but it is
> spam I want and have asked for. I work hard not to need it. Although
> there are some commercial theatrical and financial sites I do want that
> do trigger the standard rule sets, sometimes humorously well. So I
> whitelist them for a while until their format bugs me too much and then
> they drift back to spam status. But if anti-spam rules are very
> regularly rating messages from your site as spam it might be a good idea
> to check on what those messages look like rather than wallpapering over
> them. (The SARE rule set 70_sare-whitelist.cf is a good place to find
> suitable formats for the whitelist_from_rcvd rule. Some sites you want
> to accept wild card user names while other sites you want to be more
> restrictive about. The whitelist_from_rcvd requires that the email not
> only claim the correct sender address format but also that it originates
> from the correct domain for that address.)

Nope, never spam from inside the network. I've never had that problem
with my users. I guess I'm lucky that way. There's no way (currently) to
use my hosts as open relays either.

It seems things have calmed down now with the use of the
whitelist_from_rcvd inclusion. Thanks for that help.

Karl

>
> {^_^}
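
A simplified model of the two checks discussed in this thread, added here as an example (it is not code from either poster or from SpamAssassin): when ALL_TRUSTED would apply, and why whitelist_from_rcvd rejects a forged sender. The relay addresses, rDNS names and the whitelist rule are constructed, and 203.0.113.10 stands in for My.Pub.lic.IP.

```python
import ipaddress
from fnmatch import fnmatchcase

def parse_net(spec):
    """Expand SpamAssassin shorthand such as '10/8', or a bare IP, into a network."""
    addr, _, bits = spec.partition("/")
    octets = addr.split(".")
    addr = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{addr}/{bits or 32}")

def split_relays(relays, trusted_specs):
    """relays: newest Received hop first. Trust ends at the first hop not listed."""
    nets = [parse_net(s) for s in trusted_specs]
    for i, hop in enumerate(relays):
        ip = ipaddress.ip_address(hop["ip"])
        if not any(ip in n for n in nets):
            return relays[:i], relays[i:]
    return relays, []

def all_trusted(relays, trusted_specs):
    """Model of ALL_TRUSTED: every hop the message took is a trusted relay."""
    trusted, untrusted = split_relays(relays, trusted_specs)
    return bool(trusted) and not untrusted

def whitelisted_from_rcvd(sender, relays, trusted_specs, rules):
    """rules: (address glob, rDNS domain) pairs, as in 'whitelist_from_rcvd addr domain'."""
    _, untrusted = split_relays(relays, trusted_specs)
    if not untrusted:
        return False  # this model only covers the untrusted-to-trusted handover
    rdns = untrusted[0]["rdns"].lower()  # relay that handed over to the trusted side
    for glob, domain in rules:
        domain = domain.lower()
        addr_ok = fnmatchcase(sender.lower(), glob.lower())
        if addr_ok and (rdns == domain or rdns.endswith("." + domain)):
            return True
    return False

# Constructed sample data; the trusted list mirrors the one quoted above.
TRUSTED = ["172.20.20.2", "10.0.0.1", "127.0.0.1", "203.0.113.10"]
RULES = [("*@earthlink.net", "earthlink.net")]
FIREWALL = {"ip": "10.0.0.1", "rdns": "fw.example.internal"}
INTERNAL = [{"ip": "172.20.20.2", "rdns": "ws2.example.internal"}]
GENUINE = [FIREWALL, {"ip": "198.51.100.7", "rdns": "mx1.earthlink.net"}]
FORGED = [FIREWALL, {"ip": "192.0.2.44", "rdns": "mx.notearthlink.net"}]
```

The forged sample claims the same sender address as the genuine one; only the rDNS of the relay that handed the message to the trusted side differs, and the match is anchored on a dot boundary so `notearthlink.net` does not pass.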