Extension development
Spamhalter's Whitelisting

this is a good one. I totally hate spam and many of my friends are angry with me because they received emails from my email address and I don't know about you, but the subject headings are now done intelligently so it bypass my spam software. Hope they changes some of the Spamhalter's features to accommodate these spamming. 

this is a good one. I totally hate spam and many of my friends are angry with me because they received emails from my email address and I don't know about you, but the subject headings are now done intelligently so it bypass my spam software. Hope they changes some of the Spamhalter's features to accommodate these spamming. 

Recently (the last few months) I've been struggling with spam that has the From-address listed as myself.  Of course, the spammer is spoofing the From-address, and this causes Spamhalter's auto-whitelisting to verify that the From-address is indeed on the whitelist, and it therefore labels it as "Whitelisted" and lets the email through as non-spam.  Due to normal email habits (responding, forwarding, CC to self, etc), sooner or later, your own address ends up in the whitelist, which is why the spoofed-address spam gets thru.

This presents sort of a Catch-22... you certainly don't want your own address labeled as spam on your own system, hence the whitelist entry, and hence opening the door for that sort of spam.  So I checked the "Ignore automatic white-black listing" box.  This makes Spamhalter simply look at the statistical content of the email and score accordingly, thus closing the door of "having self in whitelist" spam/spoofing issue.  But this defeats all the other valid and robust reasons for having the automatic white-black listing, i.e. for all the OTHER addresses in the lists.

So I got to thinking about the whole problem.  I realized that it makes sense that a spammer would assume that your own address would probably be on a whitelist, but they wouldn't have an inkling of an idea about anyone else.  Therefore, they can't spoof just anyone's address... they have to spoof your own.  The auto-whitelisting concept only breaks down (loses it's robustness) for your own address.

As far as I can tell right now, the checkbox to ignore auto-list handling is an all or nothing control, and since I have to enable the control, I then have to manually add addresses into the whitelist (I assume this is what I will have to do).

With that in mind, I think Spamhalter's automatic white-black list handling should reflect entries other than your own address.  If you want your own address in one of those lists, then that entry would be done manually.  In my case, since I have several different email accounts, I think Spamhalter should have an editbox to allow me to enter one or more email-addresses that are exempt from automatic white-black list handling.  This would let me add each of my own addresses for my different email accounts (at least in my case).

Is there some other mechanism to achieve the same result of still using the Automatic while-black listing, but have it omit my own set of addresses?  Or do I not fully understand what Spamhalter is doing with the lists?

jjones

<p>Recently (the last few months) I've been struggling with spam that has the From-address listed as myself.  Of course, the spammer is spoofing the From-address, and this causes Spamhalter's auto-whitelisting to verify that the From-address is indeed on the whitelist, and it therefore labels it as "Whitelisted" and lets the email through as non-spam.  Due to normal email habits (responding, forwarding, CC to self, etc), sooner or later, your own address ends up in the whitelist, which is why the spoofed-address spam gets thru. </p><p>This presents sort of a Catch-22... you certainly don't want your own address labeled as spam on your own system, hence the whitelist entry, and hence opening the door for that sort of spam.  So I checked the "Ignore automatic white-black listing" box.  This makes Spamhalter simply look at the statistical content of the email and score accordingly, thus closing the door of "having self in whitelist" spam/spoofing issue.  But this defeats all the other valid and robust reasons for having the automatic white-black listing, i.e. for all the OTHER addresses in the lists.</p><p>So I got to thinking about the whole problem.  I realized that it makes sense that a spammer would assume that your own address would probably be on a whitelist, but they wouldn't have an inkling of an idea about anyone else.  Therefore, they can't spoof just anyone's address... <i>they have to spoof your own</i>.  The auto-whitelisting concept only breaks down (loses it's robustness) for <i>your own </i>address.</p><p>As far as I can tell right now, the checkbox to ignore auto-list handling is an all or nothing control, and since I have to enable the control, I then have to manually add addresses into the whitelist (I assume this is what I will have to do). </p><p>With that in mind, I think Spamhalter's automatic white-black list handling should reflect entries <i>other than </i>your own address.  If you <i>want </i>your own address in one of those lists, then that entry would be done manually.  In my case, since I have several different email accounts, I think Spamhalter should have an editbox to allow me to enter one or more email-addresses that are <span style="font-style: italic;">exempt </span>from automatic white-black list handling.  This would let me add each of my own addresses for my different email accounts (at least in my case). </p><p>Is there some other mechanism to achieve the same result of still using the Automatic while-black listing, but have it omit my own set of addresses?  Or do I not fully understand what Spamhalter is doing with the lists? </p><p>jjones </p>

It's true that spammers have been very fond of using your own email address as sender now for some time. Earlier this year I made an event daemon that checks for identical MAIL FROM and RCPT TO in the SMTP transaction. It will add a X-Blocked header to the message (which can be used for filtering, or to trigger SpamHalter). In a few special cases the message is refused right away (if the address isn't a valid local recipient, or if there are several such messages sent in sequence from the same IP address).

If there are multiple recipients there will be no action taken, and neither if the sender has authenticated during the SMTP transaction or the message is sent from a sub-net reserved for local use (like the 192.168.0.0 range).

As I've been waiting for some new features in Mercury 4.72 this daemon hasn't been publicly released, only mentioned in some forum threads. It can be downloaded here, though:

http://downloads.serieguide.se/rcptcheck.zip

To install it copy the DLL file to your Mercury directory and add this line in the [Daemons] section of daemon.ini:

RcptCheck = rcptcheck.dll

/Rolf 

<p>It's true that spammers have been very fond of using your own email address as sender now for some time. Earlier this year I made an event daemon that checks for identical MAIL FROM and RCPT TO in the SMTP transaction. It will add a X-Blocked header to the message (which can be used for filtering, or to trigger SpamHalter). In a few special cases the message is refused right away (if the address isn't a valid local recipient, or if there are several such messages sent in sequence from the same IP address).</p><p>If there are multiple recipients there will be no action taken, and neither if the sender has authenticated during the SMTP transaction or the message is sent from a sub-net reserved for local use (like the 192.168.0.0 range).</p><p>As I've been waiting for some new features in Mercury 4.72 this daemon hasn't been publicly released, only mentioned in some forum threads. It can be downloaded here, though:</p><p>http://downloads.serieguide.se/rcptcheck.zip</p><p>To install it copy the DLL file to your Mercury directory and add this line in the [Daemons] section of daemon.ini:</p><p>RcptCheck = rcptcheck.dll</p><p>/Rolf </p>

Thanks much!  I'll give it a try.

jjones

<p>Thanks much!  I'll give it a try.</p><p>jjones </p>

Fot this question it gives a very nice idea, so when you use spamhaus.org - this whitelist want to check the DNS and many more, so then anybody spoof an FROM Adresse, this nive filter want to find it.... we test it with good Results at our Server with dovecot, so i think anybody can do it to your prog!?!?!

Fot this question it gives a very nice idea, so when you use spamhaus.org - this whitelist want to check the DNS and many more, so then anybody spoof an FROM Adresse, this nive filter want to find it.... we test it with good Results at our Server with dovecot, so i think anybody can do it to your prog!?!?!
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Pending draft ... Click to resume editing
Discard draft