> -----Original Message----- > From: Yavuz Maslak [mailto:[EMAIL PROTECTED] > Sent: Sunday, December 07, 2008 3:02 PM > > Ok > I have started to use dkim verification. I defined whitelists in > local.cf. > it works. > But I could not find how I give high score for a spammer who doesn't > use > gmail's mail servers. > > Although a domain has domain keys, how can I give positive score for a > mail > which comes from a fake smtp server ?
There is no direct way (to my knowledge) to do this. You have to apply a positive score to all mail claiming to be "From:" a gmail address, then apply a negative score voiding the first one to the DKim-verified ones. Giampaolo > > Yavuz Maslak a écrit : > >> Sometimes, although anyone don't use domain.com's server, he sends > many > >> mails using himself smtp service as if these mails come from > @domian.com. > >> > >> the domain.com may be hotmail.com , gmail.com. > >> > >> is there a rule for that so that we can give some score for these > mails? > > > > for gmail, you can use dkim verification. look at the rules in > > http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim > > you may want to accept non signed gmail mail if it comes from nabble > or > > others. > > > > > > for hotmail, there are already rules to catch such forgeries. take a > look > > at > > http://spamassassin.apache.org/tests_3_2_x.html > > > > if you have sample false negatives, post them on pastebin.com. > >
