Thanks to all who've replied. Sadly, SPF won't catch this type of spam, as that only deals with the envelope and the faked field is in the body. We already have SPF set up anyhow, which obviously catches a fair few faked HELOs.

Kai's suggestion for Postfix will work for now, so thanks for that. However, I will need to drop that restriction once I set up external mail access, so being able to score messages with a faked 'From' field is what I'd ideally like to do, and will need to do in the nearish future. Is there a rule(set) around at the minute which can do this, or do I need to learn Perl in a hurry?

Calum.

-----Original Message-----
From: John Hardin [mailto:jhar...@impsec.org]
Sent: 12 January 2010 21:18
To: 'users@spamassassin.apache.org'
Subject: Re: [sa] Faked _From_ field using our domain - how to filter/score?

On Tue, 12 Jan 2010, Charles Gregory wrote:

> On Tue, 12 Jan 2010, Callum Millard wrote:
> : The problem is spam with a faked 'From:' field. Spammers are sending
> : e-mails to our domain with the 'From:' field set to a valid e-mail
> : address from our domain.
>
> Unfortunately, if you permit use of your domain name as a 'From' for
> users on other connections (home DSL, etc), then you can only use a
> minimal score in SA and must look for other spamsign.

If you do that you should require they use authenticated and encrypted SMTP. SPF et al. can be bypassed if that is known.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Taking my gun away because I *might* shoot someone is like cutting
my tongue out because I *might* yell "Fire!" in a crowded theater.
-- Peter Venetoklis
-----------------------------------------------------------------------
5 days until Benjamin Franklin's 304th Birthday
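
The check this thread is asking for, sketched as an added Python example (not code from the thread, from SpamAssassin or from Postfix): it compares the `From:` header, which SPF does not evaluate, with the envelope sender recorded in `Return-Path`, and scores a message that claims the local domain without authenticated submission. The domain `example.org`, the score values, the sample messages and the `authenticated` flag (assumed to be supplied by the MTA from its SMTP AUTH state) are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "example.org"   # assumption: placeholder for the protected domain
SCORE_SPOOF = 3.0              # constructed: local From:, foreign or empty envelope
SCORE_SUSPECT = 1.0            # constructed: local From: and envelope, no SMTP AUTH


def domain_of(header_value):
    """Domain part of the address in a header value, lowercased ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def score_faked_from(raw, local_domain=LOCAL_DOMAIN, authenticated=False):
    """Score a message whose From: header claims the local domain.

    `authenticated` is a hypothetical flag passed in by the MTA; it is not
    read from the message, because headers below the first hop can be forged.
    """
    msg = message_from_string(raw)
    # A message may carry more than one From: header; check all of them.
    from_domains = {domain_of(v) for v in msg.get_all("From", [])}
    if local_domain not in from_domains or authenticated:
        return 0.0
    # SPF looked only at this envelope address, not at From:.
    envelope_domain = domain_of(msg.get("Return-Path"))
    return SCORE_SUSPECT if envelope_domain == local_domain else SCORE_SPOOF


# Constructed sample messages.
SPOOFED = (
    "Return-Path: <bounce@bulk.example.net>\n"
    "From: Accounts <accounts@example.org>\n"
    "To: calum@example.org\nSubject: Invoice\n\nbody\n"
)
EXTERNAL = SPOOFED.replace("accounts@example.org", "news@bulk.example.net")
BOTH_LOCAL = SPOOFED.replace("bounce@bulk.example.net", "accounts@example.org")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("external", EXTERNAL),
                      ("both-local", BOTH_LOCAL)):
        print(name, score_faked_from(raw))
```

A roaming user who submits over authenticated SMTP is passed in with `authenticated=True` and scores 0.0, which is the case the replies above say must be handled before the score can be raised.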