Re: spam with bad From: field
On Fri, 1 Apr 2016 11:47:42 PM Chris Samuel via luv-main wrote: > On Friday, 1 April 2016 10:22:40 PM AEDT Russell Coker via luv-main wrote: > > Is there a good way of stopping such spam with Postfix and SpamAssassin? > > You can match on the display-name in "header" tests with SpamAssassin using > the :name suffix according to the docs: > > http://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html header FAKE_DOMAIN From =~ /@coker.com.au/:addr From the documentation you reference it appears that the above line might do what's necessary. Writing a shell script that generates a config file listing every domain that the server supports should be easy enough. Then I just have to make sure that SA doesn't run on local mail. On Sat, 2 Apr 2016 01:32:31 AM Andrew McGlashan via luv-main wrote: > Above, the "postmast..." part is just the pretty name, it isn't the > real from address; still the trimas.com.au domain has no SPF record for > validation anyway. I know, but forging an address in my domain is a very good criteria for recognising spam. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ ___ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
Re: spam with bad From: field
On 1/04/2016 10:22 PM, Russell Coker via luv-main wrote: > From: "postmas...@coker.com.au"> > Above is the From field of a spam that recently arrived in my inbox, the > Return-Path and Message-ID refer to trimas.com.au so it didn't hit any SPF > checks. > > Is there a good way of stopping such spam with Postfix and SpamAssassin? Not likely, email is so broken in some areas, backscatter is one of them; backscatter caused by incorrect SPF handling. Above, the "postmast..." part is just the /pretty/ name, it isn't the real from address; still the trimas.com.au domain has no SPF record for validation anyway. > I wrote some milter code to stop this for a client, the code was a little > hacky and even if I had approval to reuse it the amount of work involved > would > vastly exceed the amount of time it takes to just delete such mail. You will be fighting a never ending battle. Cheers AndrewM ___ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
Re: spam with bad From: field
On Friday, 1 April 2016 10:22:40 PM AEDT Russell Coker via luv-main wrote: > Is there a good way of stopping such spam with Postfix and SpamAssassin? You can match on the display-name in "header" tests with SpamAssassin using the :name suffix according to the docs: http://spamassassin.apache.org/full/3.4.x/doc/Mail_SpamAssassin_Conf.html # Appending a modifier :name to a header field name will cause everything # except the first display name to be removed from the header field. It is # mainly applicable to header fields containing a single mail address: 'From', # 'Sender', along with their 'Resent-From' and 'Resent-Sender' counterparts. [...] # For example, appending :name to a header name will result in "Foo Blah" # (without quotes) in all of the following cases: # # example@foo (Foo Blah) [...] # "Foo Blah"Best of luck! Chris -- Chris Samuel : http://www.csamuel.org/ : Melbourne, VIC ___ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main
spam with bad From: field
From: "postmas...@coker.com.au"Above is the From field of a spam that recently arrived in my inbox, the Return-Path and Message-ID refer to trimas.com.au so it didn't hit any SPF checks. Is there a good way of stopping such spam with Postfix and SpamAssassin? I wrote some milter code to stop this for a client, the code was a little hacky and even if I had approval to reuse it the amount of work involved would vastly exceed the amount of time it takes to just delete such mail. -- My Main Blog http://etbe.coker.com.au/ My Documents Bloghttp://doc.coker.com.au/ ___ luv-main mailing list luv-main@luv.asn.au https://lists.luv.asn.au/cgi-bin/mailman/listinfo/luv-main