Mailing List Archive

Fwd: Re: From Spoofed
Sorry,

Thought I did replay all, but did not.

I did find a whitelist line I missed.  I guess the third time IS the
charm as the saying goes.  I will be monitoring her Inbox again today to
see if that solves it.

The server is on a version of Linux that may have stopped getting
updates so I suppose that is why the spamassassin version is old.  I
will endeavor to update the server soon.

Thanks for all the answers!  I don't participate because I'm just good
enough to maintain my customers email servers, but I really appreciate
the expertise on this list.

Y'all have some fun,
Robert


-------- Forwarded Message --------
Subject: Re: From Spoofed
Date: Wed, 26 Feb 2020 08:34:16 -0600
From: Robert A. Ober <robob@robob.com>
To: David B Funk <dbfunk@engineering.uiowa.edu>



On 2/25/20 9:04 PM, David B Funk wrote:
> On Wed, 26 Feb 2020, Benny Pedersen wrote:
>
>> Robert A. Ober skrev den 2020-02-26 02:28:
>>
>>> I have a user that is getting many emails with obscene subjects.
>>> Someone is spoofing the From to include the users domain so the email
>>> is hitting "USER_IN_WHITELIST".  I have installed the plugins from
>>> extremeshok and it has not stopped the problem.
>>
>> remove whitelist_from in spamassassin, or change it to score -0.1
>>
>> i will not argue on why whitelist_from even exists
>>
>>> The SUBJECT_FUCKBUDDY rule has a score of 3.0 .
>>
>> change score to 300
>>
>> upgrade to 3.4.4 btw
>
> I won't argue with the recommendation to upgrade but his real problem is:
>
>> Someone is spoofing the From to include the users domain so the email is
> hitting "USER_IN_WHITELIST"
>
> That says somebody has taken the users' domain and added it to a
> "whitelist_from" statement. That is -not- a SA default.
>
> So first kill that ill-advised whitelist_from
>
–––––––––––––––––––––––––––––––––––––––

I did that previously, but I will check again.

Thanks all for the answers, I will read them all hopefully within the hour.

Robert
Re: From Spoofed [ In reply to ]
On 26 Feb 2020, at 10:16, Robert A. Ober wrote:

> don't participate because I'm just good enough to maintain my
> customers email servers,

Which puts you in the top 99.999th percentile of email server skills
worldwide!

--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not For Hire (currently)