[Mimedefang] Rejecting forged senders - comments?
Kelson
kelson at speed.net
Wed Sep 20 12:20:13 EDT 2006
Cormack, Ken wrote:
> I'd like to see if anyone has any comments on an idea to block spam from
> forged senders who claim my domain in the sender address. I'm assuming
> something like this could (or should?) be done for both the SMTP "MAIL
> FROM:" and the "From:" in the header.
>
> If my domains are @domain1, @domain2, and @domain3, and the IPs that I
> EXPECT to relay me mail with my domains in the SMTP FROM line are accounted
> for, would anyone expect problems with something like the following?

We do this for a few specific addresses like admin at ... webmaster at ...
etc. (Originally in response to some viruses that used social
engineering to convince you that you had to open this "report" of your
account usage, and to a couple of spam runs that faked these return
addresses.)

The only drawback has been that sometimes the spoofed messages have been
relayed, and the relay decides it needs to inform the "sender" that the
message didn't make it. So it sends a DSN, which is of course properly
addressed as being from either <> or postmaster at wherever.

Something else you can do to cut down on the problem is to make sure
Sendmail is set to reject messages with local senders that don't exist.
For instance, if we get mail with an envelope sender of
kjashdkuashd at speed.net, I don't think it even gets as far as MIMEDefang.

--
Kelson Vibber
SpeedGate Communications <www.speed.net>
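
An added example, not part of the original post or of either poster's filter: one way to write the envelope-sender check discussed in this thread as a MIMEDefang filter_sender callback. The domain names, the relay ranges and the helper relay_is_trusted are placeholders chosen for illustration; the null sender is passed through so that DSNs still arrive.

```perl
use strict;
use warnings;
use Socket qw(inet_aton);

# Assumed values for illustration only: replace with your own domains and
# the relay ranges you expect to submit mail using those domains.
my @LOCAL_DOMAINS  = qw(domain1.example domain2.example domain3.example);
my @TRUSTED_RELAYS = qw(127.0.0.1/32 192.0.2.0/24);

# Hypothetical helper: true if the IPv4 address is inside a trusted CIDR block.
sub relay_is_trusted {
    my ($ip) = @_;
    return 0 unless defined $ip && $ip =~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    my $packed = inet_aton($ip);
    return 0 unless defined $packed;
    my $addr = unpack('N', $packed);
    for my $cidr (@TRUSTED_RELAYS) {
        my ($net, $bits) = split m{/}, $cidr;
        my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
        return 1 if ($addr & $mask) == (unpack('N', inet_aton($net)) & $mask);
    }
    return 0;
}

# MIMEDefang callback, run at MAIL FROM: with the envelope sender and relay IP.
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    (my $addr = lc $sender) =~ s/^<|>$//g;
    # Null sender (<>) carries DSNs and must never be rejected here.
    return ('CONTINUE', 'ok') if $addr eq '';
    my ($domain) = $addr =~ /\@([^@]+)$/;
    return ('CONTINUE', 'ok')
        unless defined $domain && grep { $domain eq $_ } @LOCAL_DOMAINS;
    return ('CONTINUE', 'ok') if relay_is_trusted($ip);
    return ('REJECT', "Sender domain $domain is not accepted from $ip");
}

# Stand-alone demonstration with constructed inputs; skipped when the file
# is loaded as a filter rather than run directly.
unless (caller) {
    for my $case (['<bob@domain1.example>', '192.0.2.10'],
                  ['<bob@domain1.example>', '203.0.113.7'],
                  ['<>',                    '203.0.113.7'],
                  ['<x@other.example>',     '203.0.113.7']) {
        my ($verdict) = filter_sender(@$case, 'relay.example', 'helo.example');
        printf "%-26s %-14s %s\n", @$case, $verdict;
    }
}
1;
```

MIMEDefang only calls filter_sender when the mimedefang daemon is started with -s. This check looks at the envelope sender only, so a "From:" header claiming a local domain would need a separate check in the message-body stage of the filter.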