Discussion:
SPAM by same email as recipient?
Rodney Mitchell
2013-10-13 21:33:06 UTC
Permalink
Hiyas,

Maybe there is a quick fix here?

If the email is many spam emails come into the INBOX and they are
from , any suggestions?

Thanks, Rod.
---- Message sent via Adam Internet WebMail - http://www.adam.com.au/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20131014/b534d356/attachment.html
John Wilcock
2013-10-14 06:14:36 UTC
Permalink
If the email is <testing at melecom.com.au> many spam emails come into the
INBOX and they are from <testing at melecom.com.au>, any suggestions?
By far the best solution is to configure your SMTP server not to accept
unauthenticated mail from domains that it serves.

If this isn't possible in your setup, have a look at the __TO_EQ_FROM
rule in the standard ruleset. This is only used in other meta rules, but
you could experiment with scoring it, making sure you exclude any
genuine messages that you might send to yourself, for example:
meta TO_EQ_FROM_UNTRUSTED meta __TO_EQ_FROM && !ALL_TRUSTED

John.
--
-- Over 5000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
Martin Hepworth
2013-10-14 11:46:21 UTC
Permalink
Also do NOT whitelist the domains you serve in MailScanner.conf (is
definitely not spam) or spamassassin

Also having the list of any rules hit is always useful in the headers so
you can see why it's getting through.. (or not)

I always add the SA info into email headers to see what the score and rule
hits are ( helps with debug), in MailScanner.conf make sure the follow are
set thus:

Spam Score Number Format = %5.2f

Detailed Spam Report = yes

Include Scores In SpamAssassin Report = yes

Always Include SpamAssassin Report = yes

Spam Score Number Format = %5.2f
--
Martin Hepworth, CISSP
Oxford, UK
Post by John Wilcock
If the email is <testing at melecom.com.au> many spam emails come into the
INBOX and they are from <testing at melecom.com.au>, any suggestions?
By far the best solution is to configure your SMTP server not to accept
unauthenticated mail from domains that it serves.
If this isn't possible in your setup, have a look at the __TO_EQ_FROM
rule in the standard ruleset. This is only used in other meta rules, but
you could experiment with scoring it, making sure you exclude any
meta TO_EQ_FROM_UNTRUSTED meta __TO_EQ_FROM && !ALL_TRUSTED
John.
--
-- Over 5000 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20131014/17d6f8a7/attachment.html
Continue reading on narkive:
Loading...