Some Spammer uses this. Look to Eduard¹s mails below. If you are authenticated no tests will deny you.
Von: David Stiller <[email protected]> Antworten an: spamdyke users <[email protected]> Datum: Thu, 7 May 2009 11:19:08 +0200 An: spamdyke users <[email protected]> Betreff: Re: [spamdyke-users] Posibility to blacklist messages where sender and recipient are exactly same That looks even more strange to me. ;) If you're even authenticated, you're a "legal" user and should be able to send yourself a mail. I think i just didn't understand which case you want to block when a mail has sender=recipient? Ulrich C. Manns schrieb: > Yes, but in this case i am authenticated. > > ------------------------------------------------------------------------ > *Von: *David Stiller <[email protected]> > *Antworten an: *spamdyke users <[email protected]> > *Datum: *Thu, 7 May 2009 11:03:49 +0200 > *An: *spamdyke users <[email protected]> > *Betreff: *Re: [spamdyke-users] Posibility to blacklist messages where > sender and recipient are exactly same > > Ulrich C. Manns schrieb: >> @Sam Clippinger > >> Hi Sam, > >> my whishes: > >> 1. A new parameter to reject emails if sender=recipient (because >> we?re hosting many domains an Eduard method won?t work for us) > > Hi Ulrich, > > isn't it a quite usual method to send mails to yourself, to keep a copy > or something? If you really want to do this, check also if the sending > mx is not local domain, regardings this i would think that spamdyke > might deny such a mail anyway with the reverse dns lookup checks. > >> 2. SPF .... (DENIED_SPF) >> 3. MySQL extension from haggybear.de > > >> Regards, >> Ulrich > >> ------------------------------------------------------------------------ >> *Von: *Eduard Svarc <[email protected]> >> *Antworten an: *<[email protected]>, spamdyke users >> <[email protected]> >> *Datum: *Wed, 6 May 2009 10:29:11 +0200 >> *An: *spamdyke users <[email protected]> >> *Betreff: *Re: [spamdyke-users] Posibility to blacklist messages where >> sender and recipient are exactly same > > >> Hi Ulrich, > >> thanks for idea and it works. I did add into >> /etc/spamdyke.d/sender-blacklist-file all our local domain in form: > >> @intertech.cz > >> and now SPAMDYKE works as I do expecting: > >> May 6 10:23:29 fw spamdyke[27819]: DENIED_SENDER_BLACKLISTED from: >> [email protected] to: [email protected] origin_ip: 89.189.3.74 >> origin_rdns: lissant.kis.ru auth: (unknown) > >> Heureka! I hope it will helps someone else than me. But it is perfectly >> what I do expect to happens. > >> Eduard > >> [email protected] wrote on 06.05.2009 09:51:17: > >>> >>> Dear Ulrich, >>> >>> I guess it couldn't be denied by DENIED_IP_IN_RDNS because >> s0106000625a2b407 >>> is not hexadecimal representation of IP address. I pick may be wrong >>> example there are partially regular reverse DNS too where sender and >>> recipent are same like: >>> >>> May 6 09:35:03 fw spamdyke[27053]: ALLOWED from: @domain.cz to: >>> @domain.cz origin_ip: 95.48.168.162 origin_rdns: jum162.internetdsl. >>> tpnet.pl auth: (unknown) >>> >>> Thanks to your answer to another thread I got idea how to block >>> these messages. I could put our domain in sender-blacklist-file and >>> it will definetely stop all messages containing SPAM with fake >>> sender from our domain. Users using another mail server for outgoing >>> mail and that mail will never reach perimeter SMTP server where >>> SPAMDYKE does run. >>> >>> Thnak you! >>> Eduard >>> >>> "Ulrich C. Manns" <[email protected]> wrote on 06.05.2009 08:59:15: >>> >>> > I think this should be a new parameter in the config for the next >> version? >>> > >>> > But this should be rejected with DENIED_IP_IN_RDNS with .net in the file >>> > ip-in-rdns-keyword-blacklist-file? >>> > >>> > Von: Eduard Svarc <[email protected]> >>> > Antworten an: <[email protected]>, spamdyke users <spamdyke- >>> > [email protected]> >>> > Datum: Wed, 6 May 2009 08:32:10 +0200 >>> > An: spamdyke users <[email protected]> >>> > Betreff: [spamdyke-users] Posibility to blacklist messages where >>> > sender and recipient are exactly same >>> > >>> > >>> > Dears, >>> > >>> > I'm looking for right place where I could reject messages containing >>> > with 100% probability SPAM. These messages I could easily indetify >>> > as SPAM because sender and recipient are exactly same. My server is >>> > perimeter SMTP relay only. In this case is not simply possible that >>> > he could deliver this kind of messages. In case when user of local >>> > domain acidentaly sending message to self it would be handled by >>> > main mail server not by perimeter SMTP server. >>> > >>> > I would like simply DENY all messages like these: >>> > >>> > May 6 06:57:48 fw spamdyke[23773]: ALLOWED from: [email protected] to: >>> > [email protected] origin_ip: 24.84.53.252 origin_rdns: >>> > s0106000625a2b407.vc.shawcable.net auth: (unknown) >>> > >>> > TIA >>> > Eduard >>> > _______________________________________________ >>> spamdyke-users mailing list >>> [email protected] >>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > > >> ------------------------------------------------------------------------ > >> _______________________________________________ >> spamdyke-users mailing list >> [email protected] >> http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users ------------------------------------------------------------------------ _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
