[Mimedefang] Rejecting forged senders - comments?

Kelson kelson at speed.net
Wed Sep 20 12:20:13 EDT 2006

Cormack, Ken wrote:
> I'd like to see if anyone has any comments on an idea to block spam from
> forged senders who claim my domain in the sender address.  I'm assuming
> something like this could (or should?) be done for both the SMTP "MAIL
> FROM:" and the "From:" in the header.
> If my domains are @domain1, @domain2, and @domain3, and the IPs that I
> EXPECT to relay me mail with my domains in the SMTP FROM line are accounted
> for, would anyone expect problems with something like the following?

We do this for a few specific addresses like admin at ... webmaster at ... 
etc.  (Originally in response to some viruses that used social 
engineering to convince you that you had to open this "report" of your 
account usage, and to a couple of spam runs that faked these return 

The only drawback has been that sometimes the spoofed messages have been 
relayed, and the relay decides it needs to inform the "sender" that the 
message didn't make it.  So it sends a DSN, which is of course properly 
addressed as being from either <> or postmaster at wherever.

Something else you can do to cut down on the problem is to make sure 
Sendmail is set to reject messages with local senders that don't exist. 
   For instance, if we get mail with an envelope sender of 
kjashdkuashd at speed.net, I don't think it even gets as far as MIMEDefang.

Kelson Vibber
SpeedGate Communications <www.speed.net>

More information about the MIMEDefang mailing list