From: <[EMAIL PROTECTED]>
On Sun, January 29, 2006 9:09 pm, jdow said:
From: <[EMAIL PROTECTED]>

On Sun, January 29, 2006 4:42 pm, jdow said:
...
Do you see ALL_TRUSTED in all or most of the email received? If so your
trust path is toast and many of the header consistency checks won't work
right. As far as other issues, my brain's not functioning well at the
moment. Migraines do that to me. But I do note that it's fairly obvious
when an email has forged an Earthlink address. So perhaps catching it
here is easier than for you. I do not have anything at Earthlink
whitelisted at all. But then, the ALL_TRUSTED which honest Earthlink.net
email gets is an effective whitelist, anyway. I don't mind that most of
the Earthlink sales offers and such get clobbered by the spam filtering.
{^_-}

There aren't ever any ALL_TRUSTED entries in my headers. I've been very
careful to tune that as accurately as I can. I'm behind a dual-homed
Linux firewall which is behind a NATted Cisco gateway router, so it was
a trial-and-error process. I still am not completely confident it's
right.

Currently I have:

clear_trusted_networks
internal_networks       127/8 10/8 172.20.20/24
trusted_networks        172.20.20.2 10.0.0.1 127.0.0.1 My.Pub.lic.IP
dns_available           test: mydomain.com

OK, do you in fact see messages from your own domain triggering as spam?
If so check the rules that triggered. Maybe they are not well suited for
the demands of your particular domain. You may need to override some
scores or remove some rule sets. Or if somebody internally is spamming
then it might be wise to turn them off. I treat whitelist and its kith
and kin as an admission that a site may be spammy in nature but it is
spam I want and have asked for. I work hard not to need it. Although
there are some commercial theatrical and financial sites I do want that
do trigger the standard rule sets, sometimes humorously well. So I
whitelist them for awhile until their format bugs me too much and then
they drift back to spam status. But if anti-spam rules are very
regularly rating messages from your site as spam it might be a good idea
to check on what those messages look like rather than wallpapering over
them. (The SARE rule set 70_sare-whitelist.cf is a good place to find
suitable formats for the whitelist_from_rcvd rule. Some sites you want
to accept wild card user names while other sites you want to be more
restrictive about. The whitelist_from_rcvd requires that the email not
only claim the correct sender address format but also that it originates
from the correct domain for that address.)

Nope, never spam from inside the network. I've never had that problem with
my users. I guess I'm lucky that way. There's no way (currently) to use my
hosts as open relays either.

It seems things have calmed down now with the use of the
whitelist_from_rcvd inclusion.

I'm glad it worked and that there was no more serious problem lurking
behind the symptoms.

{^_-}
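
Added example, not part of the original thread and not SpamAssassin's own code: a simplified Python model of the two conditions whitelist_from_rcvd combines, showing why a forged sender address alone does not earn the whitelist. The entries, addresses and relay names are constructed, and the relay's reverse-DNS name is assumed to be already known from the Received header added at the trusted-network boundary.

```python
import re

def glob_to_regex(glob):
    """Translate a whitelist address glob ('*' and '?' only) to a regex."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in glob]
    return re.compile("".join(parts), re.IGNORECASE)

def rdns_matches(rdns, domain):
    """True if the relay's rDNS name is the domain itself or a host under it."""
    rdns = rdns.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    # Require a label boundary so 'notexample.com' does not match 'example.com'.
    return bool(rdns) and (rdns == domain or rdns.endswith("." + domain))

def whitelisted(sender, relay_rdns, entries):
    """entries: (address_glob, relay_domain) pairs, as in whitelist_from_rcvd.

    sender     - the address the message claims to come from
    relay_rdns - rDNS of the host that handed the mail to the trusted network
    Both conditions must hold for the same entry.
    """
    for addr_glob, domain in entries:
        if glob_to_regex(addr_glob).fullmatch(sender) and rdns_matches(relay_rdns, domain):
            return True
    return False

# Constructed entries: one wildcard user name, one restricted to a single address.
ENTRIES = [
    ("*@example.com", "example.com"),
    ("billing@example.org", "mail.example.org"),
]

# Constructed (claimed sender, relay rDNS) pairs.
CASES = [
    ("alice@example.com", "mx1.example.com"),           # genuine
    ("alice@example.com", "host.spammer.invalid"),      # forged sender address
    ("alice@example.com", "notexample.com"),            # look-alike suffix
    ("alice@example.com", "example.com.evil.invalid"),  # domain used as a prefix
    ("billing@example.org", "mail.example.org"),        # restricted entry, match
    ("sales@example.org", "mail.example.org"),          # right relay, wrong user
    ("alice@example.com", ""),                          # relay has no rDNS
]

def demo():
    return [whitelisted(s, r, ENTRIES) for s, r in CASES]

if __name__ == "__main__":
    for (s, r), ok in zip(CASES, demo()):
        print(f"{s:22} via {r or '(no rDNS)':26} -> {'whitelisted' if ok else 'scored normally'}")
```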
