On Sun, 11 Sep 2011, Martin Gregorie wrote:

On Sun, 2011-09-11 at 13:47 -0700, rutra80 wrote:
Hello, lately I receive spam which looks like it is coming from my domain,
sometimes it is spoofed as coming from accounts that don't exist, and
sometimes from ones that really do. The only SA rule that it triggers is
the Bayesian one, with nearly 100% probability - it assigns 3.5 points, but my
rejection limit is set to 4.5 and I'm not eager to lower it. What would be
the most elegant and technically correct way to get rid of the problem?

Some spammer is forging your host name as sender and randomly generating
user names.

Set up an SPF record for your domain and make sure it's valid by testing
it with a validation tool.

SPF references
==============
<http://www.openspf.org> provides an overview, documentation and SPF
record builder wizards.

<http://www.kitterman.com/spf/validate.html> has test tools to validate
your SPF record after it's built and again when it has been installed.

However, a simple SPF fail doesn't score many points. To deal with the
exact same issue I added a custom local rule (a __rule so it doesn't
score points) that looks for our domain name in the From and combined
that with SPF_FAIL in a meta that really whacks the score.

I.e., in general it's not safe to use SPF_FAIL as a one-shot-kill but
when restricted to our domain I can trust it.

--
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
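
The rule pair described in the reply above could be written as follows in SpamAssassin's local.cf. This is an added example, not the poster's actual configuration; the domain example.com, the LOCAL_* rule names and the score value are assumptions.

```conf
# Constructed example: example.com, the LOCAL_* rule names and the 6.0
# score are placeholders, not values taken from the thread.
#
# Prerequisite (DNS): SPF_FAIL only hits on a hard fail, so the domain's
# SPF record has to end in "-all". With "~all", forged mail hits
# SPF_SOFTFAIL instead and the meta below never fires.
# Constructed record:
#   example.com.  IN TXT  "v=spf1 mx -all"
#
# Prerequisite (SpamAssassin): the SPF plugin must be loaded, normally
# from init.pre:
#   loadplugin Mail::SpamAssassin::Plugin::SPF

# Sub-rule: the From: header address is in our domain. The leading "__"
# makes it a non-scoring sub-rule that only exists to feed the meta.
header   __LOCAL_FROM_OURDOMAIN    From:addr =~ /\@example\.com$/i

# Meta: our domain in From: AND an SPF hard fail.
# SPF is evaluated against the envelope sender, not the From: header, so
# this fires when the envelope sender's domain publishes a policy that
# the connecting host fails, which is the case when both the envelope
# sender and From: are forged as our domain.
meta     LOCAL_OURDOMAIN_SPF_FAIL  (__LOCAL_FROM_OURDOMAIN && SPF_FAIL)
describe LOCAL_OURDOMAIN_SPF_FAIL  From: claims our domain but SPF hard-failed
# Assumed score, chosen to exceed the 4.5 rejection limit on its own.
score    LOCAL_OURDOMAIN_SPF_FAIL  6.0
```

Running `spamassassin --lint` after editing local.cf checks the rule syntax. Every host that legitimately sends mail for the domain has to be covered by the SPF record first, or that mail will hit the meta too.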
