[Mimedefang] Validate forged local sender

Joseph Brennan brennan at columbia.edu
Fri Dec 5 10:05:58 EST 2008

Stephen Carr <sgcarr at civeng.adelaide.edu.au> wrote:

> Dear Joe
> The check you supplied is working and rejecting most forged local
> senders. One problem was when the forged sender is a valid email account.
> I think I have solved this problem using milter-regex and the fact that
> all our users have to authenticate to the mail server to send / relay
> emails.

It could be done in Mimedefang, too.  If sender address is our domain,
then it must come from our webmail or shell login hosts or it must
come with smtp auth.

We unfortunately never required people to use our smtp servers, so by
now we have a large number using ISP smtp servers to send.  There is
no technical problem here, but a considerable user education and help
problem.  I wish we'd nipped it in the bud years ago, as your university
must have done.

Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology

More information about the MIMEDefang mailing list