[milters] Archive


Article: 403
From: Joe Matuscak
Date: 2005-03-21 10:41:28 -0500
Subject: Whitelist problem with milter-spamc?



I just received a phishing email that looks to me like milter-spamc 
decided it should whitelist based on a spoofed "from".

Here are the headers of the email:

Return-Path: <root@localhost.localdomain>
Received: from localhost.localdomain (sidewinder2.leros.net [209.124.2.34])
     by mailhub.rohrer.com (8.13.1/8.13.1) with ESMTP id j2L6CRlb001138
     for <Matuscak@Rohrer.com>; Mon, 21 Mar 2005 01:12:27 -0500
Received: (from root@localhost)
     by localhost.localdomain (8.11.6/8.11.6) id j2L6DKr12775;
     Mon, 21 Mar 2005 01:13:20 -0500
Date: Mon, 21 Mar 2005 01:13:20 -0500
Message-Id: <200503210613.j2L6DKr12775@localhost.localdomain>
To: Matuscak@Rohrer.com
Subject:  Online Account Problem
From: Customer Service <personalbanking@id76434.keybank.com>
Content-Type: text/html


Here are the syslog entries:

Mar 21 01:12:27 mailhub milter-spamc[2873]: 15435 j2L6CRlb001138: sender <root@localhost.localdomain> white listed, skipping

Mar 21 01:12:27 mailhub milter-spamc[2873]: 15435 j2L6CRlb001138: RCPT='<Matuscak@Rohrer.com>' rcpt_addr='matuscak' rcpt_host='' rcpt_mailer='local'

Mar 21 01:12:27 mailhub sendmail[1138]: j2L6CRlb001138: from=<root@localhost.localdomain>, size=1724, class=0, nrcpts=1, msgid=<200503210613.j2L6DKr12775@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=sidewinder2.leros.net [209.124.2.34]

Mar 21 01:12:28 mailhub sendmail[1142]: j2L6CRlb001138: to=<Matuscak@Rohrer.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=local, pri=32053, dsn=2.0.0, stat=Sent


I do have the stock (on Fedora anyway) lines in my access file for 
localhost:

# by default we allow relaying from localhost...
localhost.localdomain           RELAY
localhost                       RELAY



Is this a problem with milter-spamc or something messed up in my 
configuration?

Thanks,

Joe Matuscak
Rohrer Corporation
717 Seville Road
Wadsworth, Ohio 44281
(330)335-1541
matuscak@rohrer.com
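
One way to search the logs for other messages that match this pattern, as an added example that is not part of the original post: pair each milter-spamc "white listed, skipping" entry with sendmail's `relay=` field for the same queue ID, and report senders that claim a local domain while the connecting relay is not loopback. The function names, the second (constructed) log pair and its queue ID are assumptions; the local-domain set mirrors the access-file entries quoted above.

```python
import ipaddress
import re

# Domains given RELAY in the access file quoted in the post.
LOCAL_DOMAINS = {"localhost", "localhost.localdomain"}

# First pair: the post's own entries, unwrapped. Second pair: constructed
# (hypothetical queue ID) to show a genuine loopback submission.
SAMPLE_LOG = """\
Mar 21 01:12:27 mailhub milter-spamc[2873]: 15435 j2L6CRlb001138: sender <root@localhost.localdomain> white listed, skipping
Mar 21 01:12:27 mailhub sendmail[1138]: j2L6CRlb001138: from=<root@localhost.localdomain>, size=1724, class=0, nrcpts=1, msgid=<200503210613.j2L6DKr12775@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=sidewinder2.leros.net [209.124.2.34]
Mar 21 01:20:00 mailhub milter-spamc[2873]: 15436 j2L6KAbc001200: sender <root@localhost.localdomain> white listed, skipping
Mar 21 01:20:00 mailhub sendmail[1200]: j2L6KAbc001200: from=<root@localhost.localdomain>, size=512, class=0, nrcpts=1, msgid=<x@localhost.localdomain>, proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
"""

WHITELIST_RE = re.compile(
    r"milter-spamc\[\d+\]: \d+ (?P<qid>\w+): sender <(?P<sender>[^>]*)> white listed")
FROM_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=<[^>]*>.*\brelay=(?P<relay>.*)$")
RELAY_IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def relay_is_loopback(relay):
    """True if the bracketed relay address is loopback, or none was logged."""
    m = RELAY_IP_RE.search(relay)
    if not m:
        return True  # assumption: no address means a local submission
    try:
        return ipaddress.ip_address(m.group(1)).is_loopback
    except ValueError:
        return False  # unparseable address: do not trust it as local


def find_remote_local_senders(log_text, local_domains=LOCAL_DOMAINS):
    """Return (queue_id, sender, relay) for whitelisted senders that claim a
    local domain while sendmail logged a non-loopback relay."""
    whitelisted, relays = {}, {}
    for line in log_text.splitlines():
        if (m := WHITELIST_RE.search(line)):
            whitelisted[m["qid"]] = m["sender"]
        elif (m := FROM_RE.search(line)):
            relays[m["qid"]] = m["relay"].strip()
    hits = []
    for qid, sender in whitelisted.items():
        domain = sender.rpartition("@")[2].lower()
        relay = relays.get(qid)
        if domain in local_domains and relay and not relay_is_loopback(relay):
            hits.append((qid, sender, relay))
    return hits
```
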

