Spoofed sender is causing AWL problems

[vandehey]

Hello, we are getting hit pretty hard with SPAM that have spoofed sender headers. This is causing AWL to adjust with a high negative score, which is putting this below the spam threshold.

I see from past posts, that SPF is the 'preferred' method of dealing with this. We aren't huge fans of SPF, and don't want to implement it. Does anyone else have suggestions or things they have implemented to stop the sender forgery? Or adjustments to AWL, or SA?

Here is what a false-negative spam score is looking like from spoofed sender:

X-Spam-Status: No, score=2.41 tagged_above=-10 required=3.4 tests=[AWL=-6.431,
BAYES_95=3, LONGWORDS=1.803, RCVD_IN_PBL=0.905, RCVD_IN_XBL=3.033,
RDNS_NONE=0.1]

Thanks for the help.

[uxbod]

Have a look at my post here :- my zimbra smtp used by someone

You may be able to use SpoofProtection.

[vandehey]

Thanks for the reply. I think we are going to adjust our outward facing MTA to reject mail from our own domain, unless it's via authenticated SMTP and SSL.

[uxbod]

I have implemented it on our Zimra MTA proxy and it was fine. Only difference to my original post was that the path needed to be /opt/zimbra/postfix/conf. Next step will be to use a LDAP call so that when a new domain is added the hash file would not need to be updated.