LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Hey all (and Roberto in particular),

SFI is working great here and is well exceeding my expectations however
I have a problem that there may be a current workaround for or maybe
this "hole" may need to be added to the wishlist for investigation.

If a spammer sends us mail using our domain (eg mydomain.com) that is
being spoofed and the same domain (mydomain.com) is in the Excluded
FROM Emails whitelist the message will bypass the filters. Is there
anyway whatsoever to have other filters (blacklist type) overide
whitelist rules?

Maybe something like :overide at the end of the blacklist entry rule could take priority over any whitelisting.

Examples

In HoneyPot or FROM Emails it would be spoofuser@mydomain.com:overide (obviously this couldnt reflect a real email address).

In Keywords Filter it would be email advertise like this:overide

Whilst we could just remove mydomain.com from the whitelist I
would prefer to keep the domain listed to ensure that users sending
mail from there home's ISP are less likely to experiance problems when
their ISP's server is blacklisted.

Any ideas on an existing solution or have you come across this scenerio Roberto.

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
__M__ Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 30 August 2006 Location: Australia Status: Offline Points: 75	Post Options Post Reply Quote __M__ Report Post Thanks(0) Quote Reply Topic: SFI and Whitelisted Email Address From Posted: 29 September 2006 at 4:08am
	Hey all (and Roberto in particular), SFI is working great here and is well exceeding my expectations however I have a problem that there may be a current workaround for or maybe this "hole" may need to be added to the wishlist for investigation. If a spammer sends us mail using our domain (eg mydomain.com) that is being spoofed and the same domain (mydomain.com) is in the Excluded FROM Emails whitelist the message will bypass the filters. Is there anyway whatsoever to have other filters (blacklist type) overide whitelist rules? Maybe something like :overide at the end of the blacklist entry rule could take priority over any whitelisting. Examples In HoneyPot or FROM Emails it would be spoofuser@mydomain.com:overide (obviously this couldnt reflect a real email address). In Keywords Filter it would be email advertise like this:overide Whilst we could just remove mydomain.com from the whitelist I would prefer to keep the domain listed to ensure that users sending mail from there home's ISP are less likely to experiance problems when their ISP's server is blacklisted. Any ideas on an existing solution or have you come across this scenerio Roberto.

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 29 September 2006 at 3:40pm
	We recommend not whitelisting your domain, since, as you already noticed , spammers will spoof it to send you emails. To protect administrators from this, there is already a very efficient solution. It's SPF (Sender Policy Framework). Please see www.openspf.org for more details. In short however, SPF is used by administrators to identify, via DNS, the servers/subnets that are authorized to send emails using your domain name. If a mail server supports SPF (SpamFilter does...), when an email arrives from a domain, the server will query the domain's DNS for their SPF record. The SPF record will tell the server if that IP is authorized to send emails for that domain. If it's not, the email is rejected.
	Roberto Franceschetti LogSat Software Spam Filter ISP

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

SFI and Whitelisted Email Address From