you wake me up from this one. open community really is helpful as it is obviously a compounded form of wisdom and knowledge base in general and details. thanks again matt!
-----Original Message-----
From: Matt Kettler [mailto:[EMAIL PROTECTED]
Sent: Friday, December 01, 2006 3:36 PM
To: [EMAIL PROTECTED]
Cc: users@spamassassin.apache.org
Subject: Re: forged spam emails from my own domain

vertito wrote:
> i am receiving spam emails coming from my own domain.com but that
> email address does not exist from my own domain.com.
>
> say my domain is mydomain.com and that spam email had FROM header that
> shows
>
> [EMAIL PROTECTED]
>
> which is currently whitelisted from spamassassin global rules and
> currently does not exist from my users list.
> that is why i am receiving it from my INBOX and not from SPAM folder,
>
> anyone has idea or a script to move this to SPAM folder?
> tnx

sidenote: Do you really have to post in such a large font?

SpamAssassin whitelisting rules:

Rule 1. Do not *EVER* use whitelist_from for your domain. EVER.

This is a bad idea because it is easily forged. Even if your MTA rejects forgeries, that only applies to the envelope, whereas SA's whitelisting will match either the envelope or the From: address.

Use whitelist_from_rcvd instead. whitelist_from_rcvd allows you to dictate matching part of a Received: header, and you can use this so that only internal machines will match the whitelist; outside hosts won't.

Rule 2. Actually, don't EVER use whitelist_from for anything if you can avoid it. whitelist_from_rcvd or whitelist_from_spf are always better to use when possible.

And, as Craig suggested, configuring your MTA to reject forgeries of your domain is a good idea. This will only solve those that forge the envelope from, but this is a large chunk of forged spam and viruses.
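
The whitelisting rules above, written out as a SpamAssassin `local.cf` fragment with the weak setting beside the replacements. This is an added example, not part of the original message; the network range, the relay name `mail.mydomain.com` and the domain `partner.example` are constructed placeholders.

```conf
# --- Weak setting (the situation described in the question) ---------------
# Matches on the address alone. Anyone who writes an @mydomain.com address
# into the From: header is whitelisted, whoever actually sent the mail.
#
#   whitelist_from *@mydomain.com
#
# Delete that line. If it sits in a site-wide file you cannot edit, cancel
# it from a file that is read later:
unwhitelist_from *@mydomain.com

# --- Tell SpamAssassin which relays are yours -----------------------------
# whitelist_from_rcvd relies on Received: header parsing, so the boundary
# between your hosts and the outside has to be declared correctly.
# 192.0.2.0/24 is a documentation range standing in for your own network.
trusted_networks  192.0.2.0/24
internal_networks 192.0.2.0/24

# --- Rule 1: whitelist your own domain only when a Received: header agrees -
# Second argument: reverse-DNS name (or parent domain) of the relay that
# handed the message to your trusted hosts. A forged From: arriving from an
# outside host does not have this rDNS, so it is scored normally.
whitelist_from_rcvd *@mydomain.com mail.mydomain.com

# --- Rule 2: for other senders, prefer an SPF-backed whitelist ------------
# Applies only when the message passes SPF for the sender's domain.
# Needs the SPF plugin (Mail::SpamAssassin::Plugin::SPF) to be loaded.
whitelist_from_spf *@partner.example
```

Running `spamassassin --lint` after editing reports syntax errors in the file before the change goes live.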