Spam spoofing email address

I’ve been getting in the past few weeks loads of spam that is spoofing my email address, so that SpamAssassin gives it a score of -100 immediately, as my email address is in the auto whitelist.

Is anyone else encountering these problems, and if so any suggestions on how to solve this?

These are the headers from an example spam email:

[code:1]Return-Path: <info@mydomain.co.uk>
X-Spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on
    servername.mailserverdomainname.eu
X-Spam-Level:
X-Spam-Status: No, score=-82.9 required=5.0 tests=BAYES_40,
    HTML_FONT_LOW_CONTRAST,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,
    MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,RDNS_NONE,URIBL_AB_SURBL,
    URIBL_BLACK,URIBL_JP_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL,
    USER_IN_WHITELIST autolearn=no version=3.2.4
X-Original-To: info@mydomain.co.uk
Delivered-To: info@mydomain.co.uk@servername.mailserverdomainname.eu
Received: from aa4df.com (unknown [118.221.241.143])
    by servername.mailserverdomainname.eu (Postfix) with SMTP id 3E73E770178
    for <info@mydomain.co.uk>; Tue, 9 Dec 2008 09:28:04 +0000 (GMT)
To: <info@mydomain.co.uk>
Subject: RE: Message
From: <info@mydomain.co.uk>
MIME-Version: 1.0
Importance: High
Content-Type: text/html
Message-Id: <20081209092805.3E73E770178@servername.mailserverdomainname.eu>
Date: Tue, 9 Dec 2008 09:28:04 +0000 (GMT)[/code:1]

Thanks,

Paul

Hi Paul,

One option is that you could always disable that particular rule if you find it’s causing problems.

To disable it globally, you could edit /etc/spamassassin/local.cf, and set:

score USER_IN_WHITELIST 0

Or to disable it locally, just for your user, you can edit $HOME/.spamassassin/user_prefs and add the same line.
-Eric
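
What zeroing USER_IN_WHITELIST changes for the message posted at the top of the thread, as an added example (not code from any poster or from SpamAssassin): the script re-reads the X-Spam-Status header and recomputes the verdict without the whitelist rule. The triage function name and the -100 weight (taken from the first post) are assumptions.

```python
import email
import re
from email.utils import parseaddr

# Sample input: a subset of the headers posted above, with the folded
# continuation lines re-indented so a standard header parser accepts them.
SAMPLE = """\
X-Spam-Status: No, score=-82.9 required=5.0 tests=BAYES_40,
\tHTML_FONT_LOW_CONTRAST,HTML_IMAGE_ONLY_08,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,
\tMIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_XBL,RDNS_NONE,URIBL_AB_SURBL,
\tURIBL_BLACK,URIBL_JP_SURBL,URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL,
\tUSER_IN_WHITELIST autolearn=no version=3.2.4
Received: from aa4df.com (unknown [118.221.241.143])
\tby servername.mailserverdomainname.eu (Postfix) with SMTP id 3E73E770178
\tfor <info@mydomain.co.uk>; Tue, 9 Dec 2008 09:28:04 +0000 (GMT)
To: <info@mydomain.co.uk>
From: <info@mydomain.co.uk>

"""

WHITELIST_SCORE = -100.0  # assumption: weight of USER_IN_WHITELIST, per the first post


def triage(raw, whitelist_score=WHITELIST_SCORE):
    """Re-evaluate a delivered message as if USER_IN_WHITELIST scored 0."""
    msg = email.message_from_string(raw)
    status = " ".join(msg.get("X-Spam-Status", "").split())  # unfold header
    m = re.search(r"score=(-?[\d.]+) required=(-?[\d.]+) tests=(.*?)(?: autolearn=|$)", status)
    if not m:
        return None  # message was not scanned, nothing to re-evaluate
    score, required = float(m.group(1)), float(m.group(2))
    tests = {t.strip() for t in m.group(3).split(",") if t.strip()}
    whitelisted = "USER_IN_WHITELIST" in tests
    adjusted = round(score - whitelist_score, 1) if whitelisted else score
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    relay = re.search(r"\((\S+) \[([0-9a-fA-F.:]+)\]\)", msg.get("Received", ""))
    return {
        "self_addressed": bool(sender) and sender == rcpt,
        "whitelisted": whitelisted,
        "score_without_whitelist": adjusted,
        "would_be_spam": adjusted >= required,
        "relay_ip": relay.group(2) if relay else None,
        "relay_rdns_unknown": bool(relay) and relay.group(1) == "unknown",
        "blocklist_hits": sorted(t for t in tests if t.startswith(("RCVD_IN_", "URIBL_"))),
    }
```

Run over each message in a mailbox, the same check lists mail that was delivered only because the From address matched the whitelist.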

Hi Eric,

Thanks for the suggestion - if I wanted to have this switch set for just one domain should I add it to:

/home/mydomain/.spamassassin/user.prefs

or do I need to add it to each individual user?

Many Thanks,

Paul

So far as I know, you’ll need to do it for each user.

Each user has their own user.prefs, and I don’t believe that /home/mydomain/.spamassassin/user.prefs is consulted for anyone but the primary account for the domain.
-Eric

Eric - you’re a genius.

I will now skip around my office in joy.

Thanks again,

Paul

Install an SPF milter, maybe?

I’ve got the same issue, and it’s starting to annoy me. I don’t want to globally disable the option to assume email from domain is good.

Does Postfix not have SPF checking in it on Virtualmin already?

The suggestion by Eric above definitely works (I changed it just for the users that are having the problem), so I haven’t needed to use an SPF milter as suggested by Scott. This wouldn’t work if you have 1000 users however!

It would be great if Virtualmin included the SPF milter though.

Regarding SPF – that’s something supported by SpamAssassin:

http://spamassassin.apache.org/full/3.0.x/dist/doc/Mail_SpamAssassin_Plugin_SPF.html

It was enabled by default on my Ubuntu install – make sure "loadplugin Mail::SpamAssassin::Plugin::SPF" is being run somewhere in /etc/spamassassin/.

Also, what version of SpamAssassin are you running? If you have version 3.2 or newer, it’ll need the Mail::SPF Perl module (which was installed by default on my system I believe). If it’s older than 3.2, you need the Mail::SPF::Query Perl module to do SPF within SpamAssassin.
-Eric

I’m on CentOS 5.2 running SpamAssassin 3.2.4 - can’t find SpamAssassin on the disk anywhere though.

I’ve installed Mail::SPF but, as above, can’t find the config file to enable the SPF checking.

Tried to edit but it said I’d hit an error!

Found the config files eventually, they’re under /usr/share/

The plugin Mail::SpamAssassin::Plugin::SPF is called in init.pre, and checking a newly arrived mail it now appears to be doing SPF lookups. Not sure why Mail::SPF wasn’t already installed.