On Thu, 18 Jun 2009, Jeff Drury wrote:

SA is working for the most part beyond expectations, the only problem I'm having is filtering spoofed email addresses (i.e. valid_u...@ourdomain.com). I am able to filter out non-valid user addresses (i.e. spam...@ourdomain.com). I run SA-Update daily, have piped well over 500 of these messages through sa-learn, yet they still come through. I know this is a generic outline of the problem, but it's a start, if you need more info I can send it.

Are the spoofed addresses in the sender address or the recipient address?

Are these messages hitting a whitelist and getting large negative scores? Have you used "whitelist_from" anywhere in your configs? You probably don't want to do that.

Benny suggested SPF; setting up an SPF record will (apparently) reduce (but not eliminate) the attempts to send spam using forged addresses from your domain, and will allow you to filter forged sender addresses from your domain by verifying the message matches the claimed domain's SPF information. There are other ways to do this; for example, I use milter-regex.

There may be still other ways to say "a sender domain of X should be rejected if it comes from the internet", but I am not a postfix guru.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Politicians never accuse you of "greed" for wanting other people's
  money, only for wanting to keep your own money.    -- Joseph Sobran
-----------------------------------------------------------------------
 Today: SWMBO's Birthday
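
The sender check that SPF makes possible, as an added Python example that is not part of the original message: a simplified evaluator covering only the ip4, ip6 and all mechanisms, run against a constructed record for the thread's placeholder domain. The record contents, address ranges and function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy for the thread's placeholder domain; the ranges
# are documentation networks, not real mail servers (assumption).
SPF_RECORDS = {"ourdomain.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8:25::/48 -all"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, envelope_sender, records=SPF_RECORDS):
    """Evaluate the sender domain's SPF record against the connecting IP.

    Handles only ip4:, ip6: and all (a subset of RFC 7208). Mechanisms that
    need DNS lookups (a, mx, include, ...) return "permerror" here.
    """
    domain = envelope_sender.rpartition("@")[2].lower()
    record = records.get(domain)
    if record is None:
        return "none"                      # domain publishes no policy
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name not in ("ip4", "ip6"):
            return "permerror"             # mechanism outside this subset
        try:
            network = ipaddress.ip_network(value, strict=False)
        except ValueError:
            return "permerror"
        if ip.version == network.version and ip in network:
            return QUALIFIERS[qualifier]
    return "neutral"                       # nothing matched and no "all"


def should_reject(client_ip, envelope_sender, own_domain="ourdomain.com"):
    """Reject mail claiming our own domain when SPF says the host may not send it."""
    domain = envelope_sender.rpartition("@")[2].lower()
    return domain == own_domain and check_spf(client_ip, envelope_sender) == "fail"
```
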
