spam from my domain! [message #698]
Wed, 07 March 2007 16:11
Hi there,
we received some spam from fake email address of our domain!
how can I block them?
any help is appreciated!
star-pak

Re: spam from my domain! [message #699 is a reply to message #698]
Thu, 08 March 2007 12:11
support
Messages: 925 Registered: April 2004
Senior Member
> we received some spam from fake email address of our domain!
> how can I block them?
> any help is appreciated!
If you are sure that you never receive legitimate emails from your own domain,
you can put it on the blacklist.
Customer Support
Byteplant GmbH

Re: spam from my domain! [message #701 is a reply to message #699]
Mon, 12 January 2009 10:23
fuchur
Messages: 1 Registered: January 2009
Junior Member
Hello,
we have the same problem that we receive mails from our own domain. In our case we receive legitimate e-mails from our domain so it's not possible to put our domain on the blacklist. Isn't there another possibility to block these spams?
Thanks in advance
and Best Regards,
fuchur

Re: spam from my domain! [message #702 is a reply to message #701]
Tue, 13 January 2009 10:38
support
Messages: 925 Registered: April 2004
Senior Member
> we have the same problem that we receive mails from our own
> domain. In our case we receive legitimate e-mails from our
> domain so it's not possible to put our domain on the blacklist.
> Isn't there another possibility to block these spams?
If you don't filter local mail (mail within your organization) and outgoing mail with NoSpamToday!, you can blacklist your domain.
Configure all mail clients to submit outgoing mail messages to your mail server directly!
Customer Support
Byteplant GmbH

Re: spam from my domain! [message #703 is a reply to message #698]
Wed, 04 March 2009 16:17
MBSA
Messages: 3 Registered: March 2009
Junior Member
I have a similar problem. We have a lot of domains registered and if a spam gets through, it is usually one with a spoofed (one of our own...) sender address.
I have configured SPF records for those domains. So if the SA engine checks the SPF, the spoofed mails should be stopped. But unfortunately they do not. How can I increase the score for a failed SPF-check so SA labels those mails as spam?
Thank you
M

Re: spam from my domain! [message #704 is a reply to message #703]
Fri, 06 March 2009 12:24
support
Messages: 925 Registered: April 2004
Senior Member
> I have a similar problem. We have a lot of domains registered
> and if a spam gets through, it is usually one with a spoofed (one
> of our own...) sender address.
> I have configured SPF records for those domains. So if the SA
> engine checks the SPF, the spoofed mails should be stopped. But
> unfortunately they do not. How can I increase the score for a
> failed SPF-check so SA labels those mails as spam?
How about adding *@yourdomain.com to the blacklist in this case?
Customer Support
Byteplant GmbH

Re: spam from my domain! [message #705 is a reply to message #698]
Mon, 09 March 2009 14:38
James Wilkinson
Messages: 14 Registered: July 2007
Junior Member
A bunch of rules like this should do the trick:
header __LOCAL_ENV_FROM_EXAMPLE EnvelopeFrom =~ /\@example\.com$/
meta LOCAL_EXAMPLE_SPF_FAIL __LOCAL_ENV_FROM_EXAMPLE && SPF_FAIL
describe LOCAL_EXAMPLE_SPF_FAIL Not from example.com (SPF fail)
score LOCAL_EXAMPLE_SPF_FAIL 3.0
Put that lot in local.cf, run sa-lint.bat (make sure there are no errors after the sa\spamassassin.cf line) and restart NoSpamToday.
Note 1: change example.com to whichever domain you want to check. Technically, you should put a backslash("\") in front of each dot, but leaving them out is unlikely to cause problems. (You do need a backslash in front of "@"s.) You could use more advanced regexps to put all the domains into one rule, but it's simpler having one set of rules per domain.
Note 2: you'll have to have one set of rule names per example: only one definition of a particular rule name will be used. So if you have alpha.example.com and beta.example.com, go for names like __LOCAL_ENV_FROM_ALPHA and __LOCAL_ENV_FROM_BETA.
Note 3: This checks EnvelopeFrom, not From, which is what SPF checks anyway. There are occasions when non-spam email (for example, mail sent from a website at the request of one of your users to another of your users) will have a From address at your domain. These should have an EnvelopeFrom domain of the website, but occasionally, wanted email will still incorrectly have an EnvelopeFrom of your domain. For that reason, I wouldn't score this rule much over 3.0: matching spam is very likely to hit enough rules to stop it, but wanted email still has a chance of getting through.
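
Added example, not part of the post above or of NoSpamToday: a small Python generator that writes one rule set per domain in the shape the post shows, for sites with many domains, keeping rule names unique as Note 2 requires. The function name, the rule-name suffix scheme and the /i modifier are assumptions of this example, and the domains are constructed.

```python
import re

# Rule shape from the post; the /i flag is an addition of this example
# (domain names are case-insensitive).
TEMPLATE = """\
header   __LOCAL_ENV_FROM_{name} EnvelopeFrom =~ /\\@{pattern}$/i
meta     LOCAL_{name}_SPF_FAIL __LOCAL_ENV_FROM_{name} && SPF_FAIL
describe LOCAL_{name}_SPF_FAIL Not from {domain} (SPF fail)
score    LOCAL_{name}_SPF_FAIL {score:.1f}
"""

# Plain host names only, so nothing unexpected ends up inside the regexp.
DOMAIN_RE = re.compile(
    r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")


def build_rules(domains, score=3.0):
    """Return local.cf text with one SPF-fail rule set per domain."""
    done, names, blocks = set(), set(), []
    for raw in domains:
        domain = raw.strip().lower().rstrip(".")
        if not DOMAIN_RE.match(domain):
            raise ValueError(f"not a plain domain name: {raw!r}")
        if domain in done:          # same domain listed twice: emit once
            continue
        done.add(domain)
        base = re.sub(r"[^A-Z0-9]", "_", domain.upper())
        name, n = base, 1
        while name in names:        # a-b.example.com vs a.b.example.com
            n += 1
            name = f"{base}_{n}"
        names.add(name)
        blocks.append(TEMPLATE.format(
            name=name, domain=domain, score=score,
            pattern=domain.replace(".", r"\.")))  # escape dots (Note 1)
    return "\n".join(blocks)


if __name__ == "__main__":
    # Constructed sample input.
    print(build_rules(["alpha.example.com", "beta.example.com"]))
```

Append the output to local.cf, then run sa-lint.bat and restart NoSpamToday as described in the post.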