[Mimedefang] MessageID anti-impersonation function for sub filter()

Joseph Brennan brennan at columbia.edu
Wed May 26 09:06:20 EDT 2004


> Yesterday, I had a spam come in, in which I noticed the MessageID
> contained my own domain.  Since the originating MTA is responsible for
> generating the MessageID, and since the message came from the outside, I
> added the following in sub filter() of my mimedefang-filter last night.
> Overnight, it caught about 20 messages.
>
>     if ($MessageID =~ /\@roadway\.com\>$/i
>         && !Exclude_FromInternal() && !Exclude_FromDmz()) {
>         md_syslog 'info',
>             "bogus_MessageID: Originating MTA claims to be us in MessageID $MessageID.";
>         return ('REJECT', 'Originating MTA can not claim to be us in MessageID.');
>     }


1. Are you sure it actually came in with that Message-ID?  Sendmail
adds one if there is not one present and the added one will of course
have your host's name in it.  I forget whether it has been added
already at milter stage.

2. If a host generated Message-IDs with the name of the recipient
domain in them, does that violate any standard?  I agree that it
looks spammy, and SpamAssassin scores for this, but I am not sure
mail should be rejected as a general rule.

3. Some client software does not create Message-ID and relies on the
SMTP server to generate it.  This includes both PC mail clients and
also some PC products that generate mail from databases.  A host that
acts as SMTP server needs to recognize any such permitted use, perhaps
by IP address or by detecting use of SMTP auth.

Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
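
The three caveats in the reply above, as an added example that is not part of the original thread and is not MIMEDefang's own code: a stand-alone Perl sketch that classifies a Message-ID instead of rejecting outright. The function name `classify_msgid`, the domain `example.com`, and the trusted address prefixes are assumptions made for illustration, and the prefix match is a simplification of real network matching.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed values for this sketch (not from the thread).
my $LOCAL_DOMAIN = 'example.com';          # placeholder local domain
my @TRUSTED_NETS = ('192.0.2.', '10.');    # constructed internal address prefixes

# Classify one message as 'absent', 'exempt', 'suspect' or 'ok'.
#   $msgid  - Message-ID header as received, undef or empty if the client sent none
#   $relay  - IP address of the connecting host
#   $authed - true if the sender used SMTP AUTH
sub classify_msgid {
    my ($msgid, $relay, $authed) = @_;

    # Point 1: the client sent no Message-ID, so any id seen later was
    # added by the local MTA and naturally carries the local host name.
    return 'absent' if !defined $msgid || $msgid !~ /\S/;

    # Point 3: permitted submitters (SMTP AUTH or internal address) may
    # legitimately end up with a local Message-ID.
    return 'exempt' if $authed;
    return 'exempt' if grep { index($relay, $_) == 0 } @TRUSTED_NETS;

    # Outside sender with the local domain (or a subdomain of it) on the
    # right-hand side of the id. Point 2: the caller decides whether this
    # means a score, a tag or a reject.
    return 'suspect' if $msgid =~ /\@(?:[\w-]+\.)*\Q$LOCAL_DOMAIN\E>?\s*$/i;
    return 'ok';
}

# Constructed sample messages: [Message-ID, relay IP, authenticated?]
my @samples = (
    ['<abc123@mail.example.com>', '203.0.113.9',  0],  # outside host, local id
    ['<abc123@example.com>',      '192.0.2.15',   0],  # internal client
    ['<abc123@example.com>',      '198.51.100.7', 1],  # authenticated roaming user
    [undef,                       '203.0.113.9',  0],  # client sent no Message-ID
    ['<x@notexample.com>',        '203.0.113.9',  0],  # look-alike suffix only
);

for my $s (@samples) {
    my ($id, $ip, $auth) = @$s;
    printf "%-28s %-13s auth=%d -> %s\n",
        defined $id ? $id : '(none)', $ip, $auth, classify_msgid($id, $ip, $auth);
}
```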





