SpamAssassin question

kbl at adept-hosting.net kbl at adept-hosting.net
Sun Jun 22 03:41:09 UTC 2008


On Saturday 21 June 2008 14:58:48 doug at curreycentral.com wrote:
> I have been playing around trying to get SA working.  So far things seem
> to be going fine except some spam does get delivered.
>
> The problem seems I have added a couple of my domains in the whitelisted.
> In the local.cf file "whitelist_from  *@mydomain.com" problem is when
> someone forges the return address from my domain say "user at mydomain.com"
> the mail always gets delivered. As it should I guess.  Anyway of limiting
> this.  I can't believe its that easy to bypass SA.
>
> Not sure I am reading the headers right but isn't this message also
> failing RBL checks.  If so should I disable them in SA and turn them on in
> Postfix?
>
> Anything else I should try?

Without digging into the SpamAssassin documentation, it occurs to me that you 
may want to look at whitelisting on other headers. Its dead easy to spoof a 
from: header but Received: and other headers are harder to spoof.

There's multiple approaches to using SpamAssassin. One of the simplest is to 
just have SpamAssassin set the X-Spam-Level: header and sort email on that 
header, all marked spam going to a spam folder. You review the spam folder 
contents and delete when you are sure there are no false positivies. 
Whitelisting (I believe) over-rides X-Spam-Level: and you are subject to how 
sneaky the spammers are. Personally, I find X-Spam-Level: is much more 
reliable than any whitelisting, etc., and a whole lot simpler. YMMV.

- ken




More information about the kubuntu-users mailing list