Ok
I have started to use dkim verification. I defined whitelists in local.cf.
it works.
But I could not find how I give high score for a spammer who doesn't use
gmail's mail servers.
Although a domain has domain keys, how can I give positive score for a mail
which comes from a fake smtp server ?
Yavuz Maslak a écrit :
Sometimes, although anyone don't use domain.com's server, he sends many
mails using himself smtp service as if these mails come from @domian.com.
the domain.com may be hotmail.com , gmail.com.
is there a rule for that so that we can give some score for these mails?
for gmail, you can use dkim verification. look at the rules in
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim
you may want to accept non signed gmail mail if it comes from nabble or
others.
for hotmail, there are already rules to catch such forgeries. take a look
at
http://spamassassin.apache.org/tests_3_2_x.html
if you have sample false negatives, post them on pastebin.com.
