[Mimedefang] Blocking messages spoofed with my own e-mail address
Fox, Randy
Randy_Fox at csgsystems.com
Mon Nov 17 14:01:29 EST 2003
> [mailto:mimedefang-bounces at lists.roaringpenguin.com]On Behalf
> Of Jon R. Kibler
> Sent: Monday, November 17, 2003 8:33 AM
> To: mimedefang at lists.roaringpenguin.com
> Subject: Re: [Mimedefang] Blocking messages spoofed with my own
> e-mail address
>
>
snip....
> Stefano, your suggestion works great for a local domain whose
> incoming mail server does not do internal relay, but it falls
> apart here, because:
> 1) xyc.com has legit need to send to ourserver.net, and
> 2) all the virtual domains communicate amongst
> themselves through these same mail servers.
>
> We were looking into setting up a database in sendmail that
> would filter domains that are in /etc/mail/virtuser-domains
> based upon the connecting system's netblock, but a brief
> examination showed that was not practical because too many
> users connect from remote locations, or have multiple ISPs
> around the world and use their mail servers, but use their
> local domain as the From: address.
>
> Any suggestions on the best way to handle this?
>
> TIA for all thoughts!
>
> Sincerely,
> Jon R. Kibler
> A.S.E.T., Inc.
> Charleston, SC USA
>
I'd have to study if this works completely for Jon but it should work for Jeff. It's a combination of two filters that effectively work together. We have some departments farm out customer surveys and some trusted vendors that do not get checked (thus the filter_relay). We also have a few trusted senders that come in from outside that we allow (thus the filter_sender). The last filter also enforces a proper usage of a few public email domains.
Hope this helps,
Randy
I used the following two filters:
#***********************************************************************
# The following are trusted locations and should not have filters checked.
sub filter_relay {
    my($hostip, $hostname, $helo) = @_;
    # Hostname match is anchored at a label boundary so that
    # "trustedvender.com.example" or "nottrustedvender.com" do not match.
    if (($hostip eq "127.0.0.1") ||                       # localhost
        ($hostip eq "xxx.xx.xx.xxx") ||                   # Customer Surveys
        ($hostip eq "xxx.xxx.xxx.xxx") ||                 # Customer Surveys
        ($hostname =~ /(?:^|\.)trustedvender\.com$/i))    # vendor we trust
    {
        md_syslog("notice", "$QueueID: trusted site, skipping further filters");
        return ('ACCEPT_AND_NO_MORE_FILTERING', 'ok');
    } else {
        return ('CONTINUE', 'ok');
    }
}
#***********************************************************************
# Only allow from certain domains if relay hostname ends in same domain
sub filter_sender {
    my($sender, $hostip, $hostname, $helo) = @_;
    # Regularize sender to lower-case, no <> signs
    $sender = lc($sender);
    $sender =~ tr/<>//d;
    # Exceptions are matched exactly (addresses) or at a label boundary
    # (hostname), so look-alike names are not exempted.
    if (($sender !~ /^user1\@ourdomain\.com$/) &&          # salesman
        ($sender !~ /^user2\@alternatedomain\.com$/) &&    # another salesman
        ($hostname !~ /(?:^|\.)customer\.com$/i)) {        # trusted customer
        # do not check for alternatedomain.com in following because the
        # contractors are spread throughout the Internet
        foreach my $domain (qw(aol.com hotmail.com earthlink.net yahoo.com ourdomain.com)) {
            # Sender is in $domain (or a subdomain of it) but the relay
            # hostname is not: refuse the message.
            if ($sender =~ /[\@.]\Q$domain\E$/ &&
                $hostname !~ /(?:^|\.)\Q$domain\E$/i) {
                return (0, "Mail from $domain not permitted from relay $hostip");
            }
        }
    }
    return (1, "OK");
}
#***********************************************************************
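An added example, not part of the original post or of MIMEDefang: a standalone Perl script that exercises the sender-domain/relay-domain rule from the filter_sender loop above on constructed cases, including look-alike relay hostnames, so the policy can be checked offline before it goes into mimedefang-filter. The helper names (in_domain, check_sender), the hostnames and the documentation-range IPs are assumptions made for the example; the per-address exceptions from the post are left out.

```perl
# Added example (not from the original post): offline check of the
# "enforced sender domain must arrive from a relay in that domain" rule.
use strict;
use warnings;

# Domains taken from the post's filter_sender loop.
my @ENFORCED = qw(aol.com hotmail.com earthlink.net yahoo.com ourdomain.com);

# True when $name is $domain itself or a subdomain of it (label boundary).
sub in_domain {
    my ($name, $domain) = @_;
    return $name =~ /(?:^|\.)\Q$domain\E$/i ? 1 : 0;
}

# Hypothetical helper: returns the same (0|1, message) pair as the post's
# filter_sender, without needing a running MIMEDefang.
sub check_sender {
    my ($sender, $hostip, $hostname) = @_;
    $sender = lc $sender;
    $sender =~ tr/<>//d;
    my ($sender_domain) = $sender =~ /\@([^\@]+)$/;
    return (1, "OK") unless defined $sender_domain;    # null sender <> (bounces)
    foreach my $domain (@ENFORCED) {
        next unless in_domain($sender_domain, $domain);
        return (0, "Mail from $domain not permitted from relay $hostip")
            unless in_domain($hostname, $domain);
    }
    return (1, "OK");
}

# Constructed cases: [sender, relay IP, relay hostname, expected result].
my @cases = (
    ['<bob@aol.com>',       '192.0.2.10',   'imo-m01.mx.aol.com',  1],
    ['<bob@aol.com>',       '198.51.100.7', 'dsl-7.isp.example',   0],
    ['<bob@aol.com>',       '198.51.100.8', 'mail.notaol.com',     0],  # look-alike suffix
    ['<bob@aol.com>',       '198.51.100.9', 'aol.com.isp.example', 0],  # domain as prefix
    ['<amy@ourdomain.com>', '203.0.113.5',  '[203.0.113.5]',       0],  # no reverse DNS
    ['<amy@other.example>', '203.0.113.6',  'mx.other.example',    1],  # domain not enforced
    ['<>',                  '203.0.113.7',  'mx.other.example',    1],
);

my $failed = 0;
for my $c (@cases) {
    my ($ok, $msg) = check_sender(@$c[0 .. 2]);
    $failed++ if $ok != $c->[3];
    printf "%-4s %-22s via %-22s => %s\n",
        ($ok == $c->[3] ? 'pass' : 'FAIL'), $c->[0], $c->[2], $msg;
}
exit($failed ? 1 : 0);
```

The script exits non-zero if any constructed case disagrees with its expected result, so it can run as a pre-deployment check whenever the domain list changes.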