Andrea, You'll note that on the Rept: line from your incoming log file the reply-to: header is your address.
This is a good example of why not to whitelist yourself. It's very easy for a spammer to spoof your own email address. You would be much better served by removing your email address from your confirmed list (and any other lists), and creating a pseudo keyword address for your personal use. See these message threads for a discussions of pseudo keyword addresses and how to handle them. http://mla.libertine.org/tmda-users/2003-05/msg00143.html http://mla.libertine.org/tmda-users/2004-03/msg00176.html Dave > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Andrea Whitlock > Sent: Friday, November 19, 2004 7:32 AM > To: [EMAIL PROTECTED]; David Grimberg > Cc: [EMAIL PROTECTED] > Subject: Re: How to Force Exact Matches for Confirmed or > WhitelistedAddresses? > > This is from my incoming log: > > Date: Sat Nov 13 07:30:30 CST 2004 > XPri: [EMAIL PROTECTED] > From: [EMAIL PROTECTED] <[EMAIL PROTECTED] (bandy)> > Rept: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subj: magnitude satisfactory transmit cabdriver ragging > Actn: OK (from-file -optional -autocdb ~/.tmda/lists/confirmed ok) > (4783) > > [EMAIL PROTECTED] is in my confirmed file. > mobius-soft.com (or any > wildcard variation of it), is not. Neither is > [EMAIL PROTECTED] > I can send you my confirmed file and incoming filter file if > it will help. > > >From what you have described, it looks like it's matching > the Reply To > header. Is there a way to force it to look at From first and > make that > field take precedence if it's different than Reply To? > > Thanks, > Andrea > > ----- Original Message ----- > From: David Grimberg > To: 'Andrea Whitlock' ; [EMAIL PROTECTED] > Sent: Thursday, November 18, 2004 10:10 AM > Subject: RE: How to Force Exact Matches for Confirmed or Whitelisted > Addresses? > > > Andrea, > > One thing you need to be aware of is that TMDA attempts to > match against 3 > to 4 different addresses when an email arrives as well as > entire domains. > So even if the address listed in the from header of the email > indicates that > it's from [EMAIL PROTECTED] the envelope sender or > reply-to header > may be [EMAIL PROTECTED] which would get a positive match. The > addresses that TMDA checks that I'm aware of are the envelope > sender (which > does not appear as a header anywhere in the message) the > From: header, the > Reply-To: header and possibly the X-Primary-Address: header. > Further if any > of your list files contain mobius-soft.com as an address then > the entire > domain will match that rule regardless of the user portion of > the email > address. > > If you check your LOGFILE_INCOMING log file, you should be > able to determine > what addresses are involved. In the log file the Xpri: field > corresponds to > the X-Primary-Address header, the Sndr: field corresponds to > the envelope > sender, the From: field of course goes with the From header, > and the Rept: > field corresponds to the Reply-To header. The Actn: field of > the messages > log entry lists what action was taken (e.g. OK, DELIVER, > CONFIRM, etc.) and > if the action is the result of a filter rule, the rule will > be listed in > parentheses following the name of the action taken (e.g. > Actn: OK (from-file > ~/.tmda/lists/confirmed ok) ) > > By default TMDA does not match substrings of addresses (other > than domains) > unless you specify certain wildcards in the address. For > example this rule: > > >From [EMAIL PROTECTED] ok > > Is the same as > > >From mobius-soft.com ok > > And will match any email sent from the domain > mobius-soft.com. This rule: > > >From [EMAIL PROTECTED] ok > > Will match any email sent from someone with andrea as the > last part of their > username and from any host in the mobius-soft.com domain e.g. > [EMAIL PROTECTED] would match this rule as would > [EMAIL PROTECTED] > > The thing to note is that substrings are only matched when your rules > specify that they should be checked, otherwise all the > matching is exact. > > > Dave > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Andrea Whitlock > > Sent: Thursday, November 18, 2004 6:29 AM > > To: [EMAIL PROTECTED] > > Subject: How to Force Exact Matches for Confirmed or > > Whitelisted Addresses? > > > > I have this address in my confirmed file: > > > > [EMAIL PROTECTED] > > > > I am receiving spam from these forged addresses: > > > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > [EMAIL PROTECTED] > > > > How do I make TMDA do an exact match on the address in the > > confirmed file? > > It looks like it matches substrings and not the exact string. > > > > Andrea > > > > _____________________________________________ > > tmda-users mailing list ([EMAIL PROTECTED]) > > http://tmda.net/lists/listinfo/tmda-users > > > > _____________________________________________ > tmda-users mailing list ([EMAIL PROTECTED]) > http://tmda.net/lists/listinfo/tmda-users > _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
