Title: Message
According to
external DNS, you only have one mail host.
For starters, you
can whitelist your own IP. And if that server is the only machine of yours
that is going to identify itself as wcnet.net,
HELO20
ENDSWITH wcnet.net
should do nicely
until someone called
Title: Message
I should
add:
If you want to go
the extra mile and say:
MAILFROM 20
ENDSWITH wcnet.net
Then you'll find
that works great against spammers who fake their mailfrom address so it looks
your own name (or say, [EMAIL PROTECTED] while trying to send
to you!), but:
You'll also
I get more valid E-mail's faking the from to look like it's from one of
my users than I get in actual spam that is doing this. In a recent
test of 5,530 unique incoming messages, only 6 spammers tried to look
as if it was coming from my server, that's only 0.1%. It all failed as
well.
I
- Original Message -
From: Matthew Bramble
I highly recommend not filtering the fake MAILFROM for your local domains.
Why not? I don't actually do this, rather I use SPAMDOMAIN instead. But I
don't see a problem doing it with MAILFROM in a filter file either.
Bill
---
[This E-mail
Bill,
It's because it is very rare that you see spam faking your address,
0.1% from a recent test, and much more common that false positives will
be created as was noted. I was able to monitor this behavior because
unfortunately the DYNAMIC filter catches but doesn't score intra-server
domain
. No credit check
Looks like a very effective test to
me.
Bill
- Original Message -
From:
Matthew Bramble
To: [EMAIL PROTECTED]
Sent: Friday, September 19, 2003 2:16
PM
Subject: Re: [Declude.JunkMail] blocking
spam faked as coming from local a ddress ddress ddress ddress