Re: Avoiding (trivial) spoofed "mail from"

From: Noel Jones (njonesmegan.vbhcs.org)
Date: Tue Dec 02 2008 - 14:20:11 CST


J.P. Trosclair wrote:
> I have been working on a similar if not the exact same problem from what
> I've seen in this thread. The problem being from = to address and how to
> stop spam that does this. My idea for a solution to this problem was to
> require any mail claiming to be from a local account to authenticate
> first when arriving from outside of the network and heading to a local
> mailbox. As it has already been pointed out, there are cases where you
> have false positives, in fact I found one yesterday with a user's
> blackberry setup shortly after I set it up. I'm thinking that utilizing
> check_client_access before check_sender_access under
> smtpd_recipient_restrictions and adding exceptions for these few cases
> is a sound solution. It's obviously not perfect because of the
> administration overhead of having to watch for these special
> circumstances. I have yet to test this. Any thoughts on this approach?
>

Very likely there are other, better ways to combat this spam. Look for other traits you can use to reject it.

Some things to look for:
- client listed on some RBL
- client name that looks dynamic
- using your domain or IP as HELO
- unusual headers
- body text unlikely to be found in legit mail

If that doesn't help, consider adding SpamAssassin and/or ClamAV.

--
Noel Jones
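A Postfix main.cf fragment illustrating the restriction order discussed in this thread (check_client_access exceptions ahead of check_sender_access, plus the HELO and RBL traits listed above), as an added example that is not from the original post or the Postfix project. example.com, the 192.0.2.x addresses and the map file paths are placeholders.

```conf
# /etc/postfix/main.cf (placeholder path)
smtpd_helo_required = yes

smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    # Relay policy first: an OK from a later map can then never
    # turn this server into an open relay.
    reject_unauth_destination
    # Exceptions (e.g. the Blackberry relay) are checked before the
    # sender check, so a listed client skips the remaining tests.
    check_client_access hash:/etc/postfix/client_exceptions
    # Unauthenticated outside mail claiming a local sender is rejected.
    check_sender_access hash:/etc/postfix/local_senders
    # A HELO that names our own domain is a spoofing trait.
    check_helo_access hash:/etc/postfix/helo_checks
    reject_non_fqdn_helo_hostname
    reject_invalid_helo_hostname
    # Dynamic-looking or unresolvable client names.
    reject_unknown_reverse_client_hostname
    # Client listed on a DNS blocklist.
    reject_rbl_client zen.spamhaus.org
    permit

# /etc/postfix/client_exceptions (run: postmap hash:/etc/postfix/client_exceptions)
# Hosts allowed to use a local sender address without SASL auth.
192.0.2.10          OK
relay.example.net   OK

# /etc/postfix/local_senders (run: postmap hash:/etc/postfix/local_senders)
# Matches user@example.com and subdomains; mynetworks and SASL
# clients were already permitted above and never reach this map.
example.com         REJECT Local sender addresses must authenticate

# /etc/postfix/helo_checks (run: postmap hash:/etc/postfix/helo_checks)
example.com         REJECT Forged HELO: that is our own domain
```

Test a change with `postconf -n` and a session from an outside host before relying on it, since each OK entry in client_exceptions is a permanent hole in the sender check.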