@Mike Haas: It is not possible to configure such rule, i.e. block the email if the MIME From and Return-Path addresses do not match (this would block many legitimate emails as well by the way, as it is absolutely legal to use different addresses in these fields according to RFCs). Is Yahoo only the return-path email address, or the SMTP sender address, too (i.e. the sender address ORF logged)? Are there any URLs in these emails?
If they are not originated from Yahoo servers but compromised servers and workstations (botnets), DNSBLs (like Spamhaus ZEN, CBL, Spamcop, NJABL, SORBS) will most likely catch them. If they are sent from Yahoo accounts, your best shot is content filtering (URL blacklists like Spamhaus DBL, uribl.com, SURBL: Combined) and carefully crafted Keyword Blacklist expressions.
If they are not originated from Yahoo servers but compromised servers and workstations (botnets), DNSBLs (like Spamhaus ZEN, CBL, Spamcop, NJABL, SORBS) will most likely catch them. If they are sent from Yahoo accounts, your best shot is content filtering (URL blacklists like Spamhaus DBL, uribl.com, SURBL: Combined) and carefully crafted Keyword Blacklist expressions.
Krisztian Fekete
(March 18, 2011)
in response to this post
in response to this post
is there a way in ORF to block yahoo email that specifies a different from?
like...
From: spoofeduser <
Return-Path: