[SOLVED] whitelist spam

[tachijuan]

Guys,

I setup a whitelist for my domain by adding a -10.0 rule in /opt/zimbra/conf/amavid.conf

Not knowing any better, I also whitelisted it through /opt/zimbra/conf/salocal.cf.in using "whitelist_from *@mydomain.com"

I did this because, for some reason some of my linux system reports were being flagged as spam (including the one that was coming from my Zimbra server).

Now all of my system reports are coming through, but I have spam that fakes the from: address coming through as well. In other words, I have a spammer that's connecting to my server and using valid to: email addresses and using one of my valid email addresses as the from: field. I looked at the message body and it's definitely coming from outside my environment (italy and brazil so far).

Did I overkill with one of those whitelist rules? Is there a way to prevent this from happening?

Thanks.....

[tachijuan]

I left the -10.0 rule in amavisd.conf but I deleted the "whitelist_from" rule from salocal.cf.in.

I'm now getting my local emails and most of my spam seems to have gone away.


It still doesn't really answer the problem of how do you prevent a user from spoofing the "from" field to come from your domain, but ... I moved on :-)

[ewilen]

You might have a look at this thread: Daily mail report going to Spam ?!

You also really shouldn't need to whitelist your whole domain like that. At most you might want to try to the workaround in this bug (maybe vote for the bug while you're at it).