[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: OT: Spam Problems
- From: James Wilkinson <fedora@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 9 Jul 2012 20:13:23 +0100
- Delivered-to: users@xxxxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <20120709111326.GA2534@fritha.org>
- Reply-to: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx>
- User-agent: Mutt/1.5.21 (2010-09-15)
Errol Mangwiro wrote:
> Does anyone know of a way I can tighten fake sender policies & prevent
> this from occuring again?
Heinz Diehl wrote:
> You can't prevent people from faking the From: header.
But you can detect those fakes.
Bounces should be sent to the SMTP envelope FROM address, not the
address in the header. (For example, once this message has gone through
the fedoraproject.org servers, it will have an SMTP FROM address of
users-bounces@xxxxxxxxxxxxxxxxxxxxxxx , so mailman should get any
bounces, but it will still have
From: James Wilkinson <fedora@xxxxxxxxxxxxxxxxxx>
up there, so you lucky people can reply to me.
BATV is a technique for rewriting the SMTP FROM address to include a
cryptographic token that is unique to that email. Any bounces including
one of those tokens must at least have seen that email; any bounces to
the plain address must therefore have been sent in reply to something
that didn’t go through your servers.
BATV isn’t perfect, or at least, the rest of the Internet isn’t perfect.
It does things according to specs in ways some things don’t expect. It
also does require that all your outgoing email goes through
BATV-rewriting servers.
Alternatively, SpamAssassin has rules to detect bounces. A competent
mail filtering program should be able to filter all bounces into a
separate folder.
> Any spamfilter
> or network admin who tags email as spam according to From: is a moron.
Now that I would dispute: if the email purports to come from a known
spammer, then I don’t see why I shouldn’t gleefully reject or sort their
email accordingly!
You could compare it to an identity thief who stole the identity of
a known terrorist and flew into Washington, London or Jerusalem under
that identity.
Hope this helps,
James.
--
E-mail: james@ | [Alan] finally installed his cuckoo clock on the wall.
aprilcottage.co.uk | For some reason this involved falling over in the dark in
| the garden, but I haven't dared ask about that yet. I
| don't -think- he was trying to catch a cuckoo to put
| inside it, but you never know. -- Telsa Gwynne's Diary
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Older Fedora Users]
[Fedora Announce]
[Fedora Package Announce]
[EPEL Announce]
[Fedora News]
[Fedora Cloud]
[Fedora Advisory Board]
[Fedora Education]
[Fedora Security]
[Fedora Scitech]
[Fedora Robotics]
[Fedora Maintainers]
[Fedora Infrastructure]
[Fedora Websites]
[Anaconda Devel]
[Fedora Devel Java]
[Fedora Legacy]
[Fedora Desktop]
[Fedora Fonts]
[ATA RAID]
[Fedora Marketing]
[Fedora Management Tools]
[Fedora Mentors]
[SSH]
[Find Someone Special]
[Fedora Package Review]
[Fedora R Devel]
[Fedora PHP Devel]
[Kickstart]
[Fedora Music]
[Fedora Packaging]
[Centos]
[Fedora SELinux]
[Fedora Legal]
[Fedora Kernel]
[Fedora QA]
[Fedora Triage]
[Fedora OCaml]
[Coolkey]
[Virtualization Tools]
[ET Management Tools]
[Yum Users]
[Tux]
[Yosemite News]
[Yosemite Photos]
[Linux Apps]
[Maemo Users]
[Gnome Users]
[KDE Users]
[Fedora Tools]
[Fedora Art]
[Fedora Docs]
[Maemo Users]
[Asterisk PBX]
[Fedora Sparc]
[Fedora Universal Network Connector]
[Libvirt Users]
[Fedora ARM]
