[Mimedefang] trouble with filter_sender and faked mail from mydomain to my domain

Scott Harris mimedefang at webhounds.net
Wed Aug 16 11:53:09 EDT 2006


> 
> Actually, the filter does not correspond to your description.
> You reject hosts, that use a HELO argument that ends in your 
> domain, but 
> are not one of the listed hosts. So this filter_sender() let pass 
> the mail correctly.
> No sender check is made.
> 
> BTW: The terms From: and To: usually apply to the headers of 
> the mail, in 
> filter_sender() you can check the envelope MAIL FROM: only.

Thanks for the reply Steffan and Jim.  It seems I had a skewed
understanding of the logic ;)

Indeed, I went through the logs and checked and sure enough,
all the HELO's were not to my domain.  In one example they 
tried to fake the email my using my mail servers IP address,
so that got through as well, as expected.

Aug 15 04:39:28 mail2 mimedefang.pl[1865]: Scooter:
sender-><administrator at mydomain.com>, host->68.146.230.167,
hostname->S01060050bfafe5cc.cg.shawcable.net,
helo->S01060050bfafe5cc.cg.shawcable.net
Aug 15 12:47:56 mail2 mimedefang.pl[9795]: Scooter:
sender-><administrator at mydomain.com>, host->211.224.178.23,
hostname->[211.224.178.23], helo->64.44.55.179

So where should I filter the problem of the sender using my
domain as both the To: and the From:?  The mimedefang or the
sendmail side?

Thanks again everyone.

Scott




More information about the MIMEDefang mailing list