[Mimedefang] Validate forged local sender
Stephen Carr
sgcarr at civeng.adelaide.edu.au
Fri Dec 5 02:53:56 EST 2008
Dear Joe
The check you supplied is working and rejecting most forged local
senders. One problem was when the forged sender is a valid email account.
I think I have solved this problem using milter-regex and the fact that
all our users have to authenticate to the mail server to send / relay
emails.
The milter-regex rules are
accept
connect // /127.0.0.1/
connect // /our\.ip\.range/
connect /our\.domain/ //
macro /auth_type/ /LOGIN/
macro /auth_type/ /CRAM-MD5/
reject "Sender forged"
(envrcpt /@our\.domain/i) and (envfrom /@our\.domain/i)
I hope this helps others
For testing use tempfail instead of reject.
Regards
Stephen Carr
More information about the MIMEDefang
mailing list