So this is what I am very close to having in good working shape: For each email message processed by the courier server, I collect the recipient addresses from those messages that come from an authenticated user (Using the Courier::Filter::Message::trusted() property). I store these addresses in a DBM file.
Then for each mail message that comes from an unauthenticated user (generally speaking, regular inbound smtp traffic), I grab the sender information (Courier::Filter::Message::sender() property). I can then check this sender information against my DBM file, and determine if this sender is someone who was sent a message from an authenticated user on my server. The problem, of course, is that the 'sender' information, which is taken from the MAIL FROM: smtp command, is easily and often faked. My original, and flawed thinking, was to allow messages who's sender was in the DBM file to bypass the normal spam filters. So my questions are: 1. Is using the 'sender' property to potentially bypass the spam filters and let the message be delivered to the INBOX going to prove useful at all? Or are the chances of the forged 'sender' address being the same as one of the addresses in my auto-whitelist DBM file too high? What if I categorized the recipient addresses by sender (user jason has sent messages to '[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]'), then when checking user jason's inbound smtp traffic, check the sender information only for those addresses that he has sent messages to previously? 2. What if I combined this filter (Is the sender in my known recipeients DBM file?) with an SPF check such that the 'sender' info is only trusted for messages who pass an SPF check? 3. Are there other, more clever ways to use this DBM file of trusted recipient addresses in a way that would help me (and my spam filters like spamassassin, DSPAM, and CRM) better classify spam vs. not-spam? Suggestions welcome. Once I get the final version ready, I'll post a cookbook on how I put it all together. Thanks, jason ------------------------------------------------------- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
