[Mimedefang] Validate forged local sender

Stephen Carr sgcarr at civeng.adelaide.edu.au
Fri Dec 5 02:53:56 EST 2008

Dear Joe

The check you supplied is working and rejecting most forged local 
senders. One problem was when the forged sender is a valid email account.

I think I have solved this problem using milter-regex and the fact that 
all our users have to authenticate to the mail server to send / relay 

The milter-regex rules are

connect // /
connect // /our\.ip\.range/
connect /our\.domain/ //
macro /auth_type/ /LOGIN/
macro /auth_type/ /CRAM-MD5/

reject "Sender forged"
(envrcpt /@our\.domain/i) and (envfrom /@our\.domain/i)

I hope this helps others

For testing use tempfail instead of reject.

Stephen Carr

More information about the MIMEDefang mailing list