Having a little trouble with SpamAssassin identifying spam emails coming from a domain of mine.
The spam email is coming in from a return-path of someone@spammer.com, but the from field in the header is being set as someone@mydomain.com.
I've done a test by connecting to the smtp server, and setting my own from address (someone@spammer.com) and then using a different one in the DATA headers as someone@mydomain.com.
When I test it myself, SpamAssassin marks it as spam with the following variables:
X-Spam-Status: Yes, score=5.0 required=4.5 tests=ALL_TRUSTED,FROM_ADDR_WS,
HEADER_FROM_DIFFERENT_DOMAINS,MISSING_DATE,MISSING_HEADERS,MISSING_MID
However, on the original spam email I received externally, HEADER_FROM_DIFFERENT_DOMAINS does not get triggered!
In fact, the original spam email had a score of 0!
Any ideas why this could be? I have checked the original email and I can clearly see the return-path domain and the From: field are both different domains.
My goal is to mark any emails as spam if they have a different domain in the return-path to the from field. I thought that the HEADER_FROM_DIFFERENT_DOMAINS rule would do this but it doesn't seem to have happened on the original spam email I got.
Any ideas where I'm going wrong?
Thanks!
Best Answer
First, you should really consider disabling accepting mail from yourdomain.com addresses without SASL authentication with something like
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unauthenticated_sender_login_mismatch, permit
The second thing is that what these spammer guys probably do is they feed you a non-fqdn From: header (e.g. From: mary) that gets expanded on your system upon reception. Hence there's no domain mismatch, as there's no domain on a milter level in the From: field.
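The comparison discussed above, as an added example that is not part of the original answer: it compares the Return-Path domain with the From: domain of a message as received, and reports an unqualified From: (such as From: mary) as its own case, since that header has no domain to compare. The function names and sample messages are constructed for illustration, and it assumes the message already carries a Return-Path header.

```python
from email import message_from_string
from email.utils import parseaddr


def domain_of(header_value):
    """Lower-cased domain of an address header, or None if it carries none."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None  # "mary", "<>" or a missing header: nothing to compare
    return addr.rsplit("@", 1)[1].lower() or None


def classify(raw_message):
    """Compare the Return-Path domain with the From: domain as received."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    path_domain = domain_of(msg.get("Return-Path"))
    if from_domain is None:
        # Unqualified From: a domain-mismatch check has no domain to look at.
        return "from-unqualified"
    if path_domain is None:
        # Null sender (<>) or no Return-Path header.
        return "no-envelope-domain"
    return "match" if from_domain == path_domain else "mismatch"


# Constructed sample messages (not taken from the original post).
SAMPLES = {
    "spoofed": "Return-Path: <someone@spammer.com>\n"
               "From: Some One <someone@mydomain.com>\nSubject: t\n\nbody\n",
    "unqualified": "Return-Path: <someone@spammer.com>\n"
                   "From: mary\nSubject: t\n\nbody\n",
    "legit": "Return-Path: <someone@mydomain.com>\n"
             "From: someone@MyDomain.com\nSubject: t\n\nbody\n",
    "bounce": "Return-Path: <>\n"
              "From: postmaster@mydomain.com\nSubject: t\n\nbody\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:12} -> {classify(raw)}")
```
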