Need Spamassassin rule to detect recipient equal to sender

I whitelist my domains because I have many companies receiving mail on this server and I don't want intra-company mail to be flagged as spam EVER. You can't do this with trusted hosts because you never know where the mail will be originating. I could trust their office mail server but they also send through their homes, on the road, even internationally.

As far as the "cannot be done" statement goes, I find that hard to accept. I was told years ago that modems would never go faster than 9600 baud and CPU's would never exceed 32Mhz.

I am not opposed to using several rules to accomplish this. I'm also not opposed to some external PERL. I'm looking for guidance on how it can be done.

In that case you should trust their mail server and require all users sending mail from elsewhere to use smtp authentication.

If you are not using smto authentication how are you controlling relaying?
If you allow relaying for any email where the from address is from one of your domains then you will soon be used to relay spam and end up getting blacklisted yourself.

In order to do what you want you will have to write the following rules :-
1) A rule to match the users email address in the To or CC field.
2) A rule to match the users email address in the From field.
3) Write a meta rule to match when both rules 1 & 2 are true.
4) Assign a score to the meta rule.

You will need to do this for every single email address that is valid. For large numbers of users this can result in a huge number of rules.

If a user sends email from home or on the road using the company address as a sender (very common) they won't use my trusted server. This also goes for people who send email using a PDA or phone. If you don't understand my position, you've never been on the other end of a phone with the president of one of your clients screaming because the email he sent to a VP got stuck in his spam folder and some critical action didn't take place.

You are correct that if they don't use the same address in both fields this won't help, but that's not the problem I'm having right now. The technique that is working for spammers on my system is using the same address.  Until I see the technique you mentioned become an issue, I'll settle for this.

As far as a user sending himself a reminder, this is why I want to address this within Spamassassin. Whitelisting adds -100 points to a message, I want to add 100 points back if the two addresses match which means normal spam filtering would apply and an actual self-sent message would not normally be flagged.

It might be possible to eliminate the whitelisting and use mimedefang to prevent intracompany mail from being scanned while requiring mail with matching addresses to be scanned. I'll take a look at this.

I don't want to turn this into a forum about relaying so let it suffice to say that I do not have an open relay and I do not use smtp authentication. Clients use various servers to send mail depending on their ISP.

Also, when you work as a service provider and a consultant you don't 'require' your clients to do anything. They require things of you and you deliver. If you work IT at one company you can solve things by requiring your users to do things a different way. In my world, you can't.

Finally, writing one rule for each possible email address is obviously not a reasonable approach.

Well I think you need to tell your clients they should be using amtp authentication when sending mail remotely and if they dont then there is a possibility their mail may be classed as spam.

You can give them an option of whitelisting their domain but make them aware that it will cause them to get more spam.

If you look at the way most large email providers do it then they practically always use the first option.

We insist that all users send email through the company servers and they have to use smtp authentication.
Infact we go even furthur and publish a SPF record so anyone not doing so gets a far higher chance of getting classed as spam than normal.
If you dont insist on this then you have no control or accounting on the email system. One user could reply to an email agreeing to a contract term and you would have no record of it.

> Finally, writing one rule for each possible email address is obviously not a reasonable approach.
Unfortunetly that is the only possible way of doing it.
The spamassassin rules dont have any concept of variables. If it did then you could use a regular expression to extract the email address from the FROM field and the TO and CC fields. Then write a rule to compare the two sets of variables. However since there is no variable support you cannot do this.

As I suggested before, if you use sendmail as MTA, you could achieve this easily using mimedefang. You can do all sorts of nice tricks using mimedefang.

Of course, setting up mimedefang and reconfiguring Spamassassin could take you some time and effort.

Thanks for the push in the mimedefang direction. I've never been a fan of it but in this case it was perfect.