Hi Sam,
<ignoreLocalSender>true</ignoreLocalSender>
Ignores local senders from the Bayesian Analysis. This is fine but I notice
that if a spammer uses a fake address :
[EMAIL PROTECTED] where mydomain.com is my domain but Spammer is a fake address
James doesn't do any Spam protection. How can I get James to distinguish mail
from my users that has truly originated from my local users from people using
my domain name to send spam to my users
The answer is that the 'ignoreLocalSender' tag is useless for most
situations because, as you rightly point out, it assumes a sender is
local based on the email's 'From' address; and this is easily faked by a
spammer. I made this mistake a while ago because I accidently left it
set to true. By default it is set to false and you should leave it that
way.
I set up my spam processor to assume that anyone who has successfully
authenticated must be a 'local' user and therefore any email being sent
by this user should not be spam checked. I do this by placing the
following in my main root pipeline in the config.xml file just before
the bit which does the spam processing: -
<!-- Messages from authenticated senders are never spam -->
<mailet match="SMTPAuthSuccessful" class="ToProcessor">
<processor> transport </processor>
</mailet>
There is the possibility that a 'local' user's machine gets compromised
by a trojan and starts sending spam which will be let through by this
technique but so far that hasn't been a problem.
Regards,
David Legg
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
