On 2007-02-08, Stephen Warren <[EMAIL PROTECTED]> wrote:
> Tim Rice wrote:
>> On Thu, 8 Feb 2007, Stephen Warren wrote:
>>
>>> That said, even when spammers forge addresses in your domain, do they
>>> ever do that *just* for From/Reply-to and *not* for the envelope sender?
>>
>> Yes. That is why it gets through.
>> The ones that forge the envelope sender get dropped by SPF.
>
> How sneaky.
>
> I suggest a sendmail milter, or postfix pre-queue filter, or data-time
> policy daemon that checks for forged headers and rejects them in the
> same way then (or whatever is appropriate for your MTA.)
>
> I'm afraid I don't know of any pre-written filters that do this, though
> if this problem is happening for you, I wouldn't be surprised if
> somebody has already solved it!
I still think it's a mistake to auto-whitelist your own domain.
I've seen this kind of spam:
Envelope sender: [EMAIL PROTECTED]
Envelope recipient: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
If I have [EMAIL PROTECTED] whitelisted, it's going to get through.
But if I only have specific users in my domain whitelisted, then
it's much harder for a spammer to guess who gets to get in.
I think you can resolve a lot of this problem by not
auto-whitelisting your domain.
_________________________________________________
tmda-workers mailing list ([email protected])
http://tmda.net/lists/listinfo/tmda-workers
