[Mimedefang] Rejecting forged senders - comments?

Cormack, Ken ken.cormack at roadway.com
Tue Sep 19 17:00:43 EDT 2006


I'd like to see if anyone has any comments on an idea to block spam from
forged senders who claim my domain in the sender address.  I'm assuming
something like this could (or should?) be done for both the SMTP "MAIL
FROM:" and the "From:" in the header.

If my domains are @domain1, @domain2, and @domain3, and the IPs that I
EXPECT to relay me mail with my domains in the SMTP FROM line are accounted
for, would anyone expect problems with something like the following?

Let's say I have this function, to accommodate my known IPs...

sub Relayed_FromME() {
    # Exact match for single hosts; anchored, dot-escaped match for 10.0.0.x
    if ($RelayAddr eq "127.0.0.1" || $RelayAddr eq "1.2.3.4" || $RelayAddr =~ /^10\.0\.0\./) {
        return 1;
    }
    return 0;
}


...And that I put this in filter_sender()...

    # If not relayed from an IP address that I EXPECT
    # my domains to be relaying from...
    if (!Relayed_FromME()) {
        if ($sender =~ /@([^>]+)/) {
            my $domain = $1;
            # ...yet the claimed domain in the sender's
            # SMTP address is one of mine...
            if ($domain =~ /domain1/i
                || $domain =~ /domain2/i
                || $domain =~ /domain3/i) {
                # log it...
                md_syslog 'info', "$QueueID: Forged_Sender_SMTP: Sender SMTP address claims to be from $domain, but $ip not an expected source for $domain senders.";
                # and reject it...
                # (double quotes so that $domain and $ip are interpolated)
                return ('REJECT', "Sender SMTP address claims to be from $domain, but $ip not an expected source for $domain senders.");
            }
        }
    }

Does anyone see any problems?

Ken
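
Added example (not part of Ken's post and not MIMEDefang's own code): a stand-alone Perl sketch of the same check that compares the sender domain by exact, case-insensitive match and the relay address numerically against CIDR ranges, since substring matching on the domain would also match look-alike names such as notdomain1.example. The domain names, the 10.0.0.0/24 range and all helper names are assumptions; subdomains of the listed domains are deliberately not treated as local.

```perl
use strict;
use warnings;
# Assumed values: replace with your own domains and expected relay ranges.
my %MY_DOMAINS   = map { lc($_) => 1 } qw(domain1.example domain2.example domain3.example);
my @TRUSTED_NETS = qw(127.0.0.1/32 1.2.3.4/32 10.0.0.0/24);

# Dotted-quad IPv4 to integer; returns nothing if the string is not valid IPv4.
sub ip_to_int {
    my @o = ($_[0] // '') =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ or return;
    return if grep { $_ > 255 } @o;
    return $o[0] << 24 | $o[1] << 16 | $o[2] << 8 | $o[3];
}

# True if the relay address falls inside one of the trusted CIDR ranges.
sub relay_is_trusted {
    my $addr = ip_to_int($_[0]);
    return 0 unless defined $addr;
    for my $net (@TRUSTED_NETS) {
        my ($base, $bits) = split m{/}, $net;
        my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
        return 1 if ($addr & $mask) == (ip_to_int($base) & $mask);
    }
    return 0;
}

# Lower-cased domain of an envelope sender such as "<user@Domain1.Example>".
sub sender_domain {
    my ($sender) = @_;
    return unless defined $sender && $sender =~ /\@([^>\s\@]+?)\.?>?\s*$/;
    return lc $1;
}

# 1 if the sender claims one of our domains but the relay is not an expected one.
sub forged_local_sender {
    my ($sender, $ip) = @_;
    my $domain = sender_domain($sender);
    return 0 unless defined $domain && $MY_DOMAINS{$domain};
    return relay_is_trusted($ip) ? 0 : 1;
}

# Constructed test cases: [envelope sender, relay IP].
for my $case (
    ['<alice@domain1.example>',  '10.0.0.25'],    # own domain, expected relay
    ['<alice@DOMAIN1.example>',  '110.0.0.25'],   # own domain, look-alike address
    ['<bob@notdomain1.example>', '203.0.113.9'],  # look-alike domain, not ours
    ['<carol@domain2.example>',  '203.0.113.9'],  # own domain, outside relay
) {
    printf "%-26s %-12s %s\n", @$case, forged_local_sender(@$case) ? 'REJECT' : 'CONTINUE';
}
```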