Matt,

That makes a lot of sense.  Thank you very much.  I didn't see a 
blacklist_from_rcvd in the config documentation so I assume there isn't one.  
Similar precautions might be helpful, although it might be too much work to 
try to match bad addresses to the servers they might be sending from.  Better 
to just match the bad server I guess.

Thanks,
Jonathan Duncan


Matt Kettler <[EMAIL PROTECTED]> said:

> some recommendations:
> 
> 1) don't ever whitelist yourself. This kind of spammer behavior is SUPER 
> common. A very noticeable portion of the spam I get is "from" my own
> address.
> 
> 2) If you must whitelist yourself, use a whitelist_from_rcvd not a simple 
> whitelist_from.
> 
> 3) In fact, if you can avoid it, don't ever use a simple whitelist_from, 
> and always use a whitelist_from_rcvd whenever possible. This closes a LOT 
> of loopholes like the one you found here.
> 
> Basically whitelist_from_rcvd forces a check of both the from: address and 
> the received headers. This makes it so the whitelist cannot be spoofed 
> merely by substituting a from: line.
> 
> At 07:14 PM 12/16/2002 +0000, Jonathan Duncan wrote:
> >I have gotten a couple of vile spams that came through with NO problem
> >whatsoever because of the test "USER_IN_WHITELIST".  It seems that the
> >spammer used my email address in the To: field as well as the From: field.
> >If all spammers did that, with my current configuration, my install of SA
> >would be worthless.  Is there a way around this?  Perhaps I could change the
> >amount of negative points the people in the whitelist get and up the number
> >of points that "FROM_SAME_AS_TO" gets.  Has anyone else solved this problem
> >already?
> 





_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
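
The difference between whitelist_from and whitelist_from_rcvd discussed in this thread, as an added example that is not part of the original messages and not SpamAssassin's own code. It is a simplified model: the addresses, hostnames and function names are constructed, and it assumes the topmost Received: header was written by the recipient's own trusted mail server.

```python
import email
import email.utils
import fnmatch
import re

# Constructed sample: a spammer forges the recipient's own address in From:.
# Assumption: the top Received: line was added by our own MX, which records
# the reverse DNS name of the host that connected to it.
SPOOFED = """\
Received: from dsl-host.spam.example (dsl-host.spam.example [203.0.113.7])
\tby mx.example.org with SMTP; Mon, 16 Dec 2002 19:10:00 +0000
From: jonathan@example.org
To: jonathan@example.org
Subject: constructed sample

body
"""
# Same message, but handed over by a host inside the whitelisted domain.
LEGIT = SPOOFED.replace("dsl-host.spam.example", "mail.example.org")

def parse(text):
    return email.message_from_string(text)

def from_addr(msg):
    return email.utils.parseaddr(msg.get("From", ""))[1].lower()

def relay_rdns(msg):
    """Reverse DNS name recorded in the topmost Received: header, or ''."""
    received = msg.get_all("Received") or [""]
    m = re.search(r"from\s+\S+\s+\(([^\s\[\)]+)", received[0])
    return m.group(1).lower() if m else ""

def whitelist_from(msg, pattern):
    """Model of whitelist_from: only the From: address is compared."""
    return fnmatch.fnmatch(from_addr(msg), pattern.lower())

def whitelist_from_rcvd(msg, pattern, relay_domain):
    """Model of whitelist_from_rcvd: From: must match AND the relay must be in relay_domain."""
    rdns = relay_rdns(msg)
    in_domain = rdns == relay_domain or rdns.endswith("." + relay_domain)
    return whitelist_from(msg, pattern) and in_domain

if __name__ == "__main__":
    for name, text in (("spoofed", SPOOFED), ("legit", LEGIT)):
        m = parse(text)
        print(name, whitelist_from(m, "jonathan@example.org"),
              whitelist_from_rcvd(m, "jonathan@example.org", "example.org"))
```
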
