Black list "From email" |
Post Reply 
|
| Author | |
Stupid 
Senior Member 
Joined: 28 November 2005 Status: Offline Points: 127 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Black list "From email"Posted: 12 July 2007 at 2:32pm |
|
I am thinking to put all our users email addresses into Blacklist "From email." The Spamfilter ISP is not our outgoing SMTP server; it is a receiving only.
The reason for doing this is that very often spammer would spoof the From email address like this: From: John@abc.com To: Jane@abc.com I got questions from users like every other day. Is this a good strategy? |
|
 |
|
|
mbrusl
Groupie 
Joined: 05 December 2005 Location: Thunder Bay Ont Status: Offline Points: 61 |
Post Options
Thanks(0)
Quote Reply
Posted: 13 July 2007 at 12:14am |
|
If you put your mail server's smtp on an alternate port and let Spamfilter handle both incoming and outgoing, I beleave you wont have to problem that much. Spamfilter is capable of handling authentication for your users then handing off mail to your mail server to actually do the sending of the mail. This is the way I have mine setup and it traps all spam on both sides. It also tells me if a user on the network has been abusing/sending spam.
|
|
|
|
|
IKILLSPAM1
Groupie
Joined: 02 May 2007 Location: United States Status: Offline Points: 70 |
Post Options
Thanks(0)
Quote Reply
Posted: 13 July 2007 at 12:09pm |
|
Hey Stupid, lol, well that is your name. An easier approach would be to go into Filter Settings and check off From domain = To Domain This would block your example above. I do this as well. |
|
|
|
|
Stupid
Senior Member
Joined: 28 November 2005 Status: Offline Points: 127 |
Post Options
Thanks(0)
Quote Reply
Posted: 13 July 2007 at 12:44pm |
|
This has already been checked. didn't not work.
|
|
|
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 14 July 2007 at 11:41am |
|
Please note that SpamFilter acts upon the addresses specified in the "MAIL FROM" and "RCPT TO" commands. Any other emails specified in the "To:" and "From:" headers are ignored as they are only used to display an address in email clients, and are not the ones emails will be delivered to.
Also please remember that, instead of using the more "Dart Vader-like" rule of blocking emails where the "from domain = to domain" you could implement an SPF (Sender Policy Framework) DNS record in your DNS. As SpamFilter does support the SPF standard, this will allow you to specify what IP networks are allowed to send emails "from" you domain. |
|
|
|
|
WebGuyz
Senior Member
Joined: 09 May 2005 Location: United States Status: Offline Points: 348 |
Post Options
Thanks(0)
Quote Reply
Posted: 14 July 2007 at 11:21pm |
|
However, SPF doesn't do any good if the spammer used the 'Return Path' to specify the senders name as SPF only checks the FROM: field.
|
|
|
http://www.webguyz.net
|
|
|
|
|
mbrusl
Groupie
Joined: 05 December 2005 Location: Thunder Bay Ont Status: Offline Points: 61 |
Post Options
Thanks(0)
Quote Reply
Posted: 15 July 2007 at 3:59am |
|
Why not add domainkeys to the mix as another filter check. Shouldn't be that difficult to do. Think of it this way, one of the only frontend spam filtering appz out on the market that has both. SPF and DomainKeys.
Michael |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 15 July 2007 at 9:52am |
Actually the "Return-Path" header cannot be used by spammers/users. The "Return Path" header is added by *mail servers* when they receive the email. It will replace whatever "Return-Path" is already present in the email, and will be populated by the mail server with the address in the "MAIL FROM" command, which is the one SpamFilter acts upon. Please note that SpamFilter will also add another header, X-SF-RX-Return-Path, that will contain the same address we added in the "Return-Path". This is because when SpamFilter forwards an email to a server, this latter mail server will also replace the "Return-Path" with the "MAIL FROM" it receives. We just want to make sure we document in the email's headers what "MAIL FROM" was used to send the email to SpamFilter, in case this somehow changes during the email's life. |
|
|
|
|
Stupid
Senior Member
Joined: 28 November 2005 Status: Offline Points: 127 |
Post Options
Thanks(0)
Quote Reply
Posted: 16 July 2007 at 6:02pm |
|
Well, do you guys think my method will work though?
|
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 17 July 2007 at 10:12pm |
|
I honestly do not think it would work. Enabling the filter that blocks emails where the "FROM domain = TO domain" should stop all the same emails that would be stopped if you added all your users in a "from blacklist". In addition, the "FROM domain = TO domain" filter should also block additional emails even from fake senders that simulate incorrect, random users from your domains, which would not be blocked by your blacklist.
Please note that SpamFilter ignores the address in the "From" header, as that is used only to display an email address in Outlook clients. The actual address being acted upon is the one specified in the "MAIL FROM" command, which is usually the same one that mail servers will add to the "Return Path". SpamFilter logs that address in the header "X-SF-RX-Return-Path". |
|
|
|
Topic Options
IKILLSPAM1 wrote:|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.199 seconds.