[Mimedefang] Validate forged local sender

Stephen Carr sgcarr at civeng.adelaide.edu.au
Thu Nov 27 08:13:13 EST 2008 

Dear Joe

Thanks - done some testing and will implement over the weekend.

I added /etc/mail/forward

Thanks again
Stephen Carr

Joseph Brennan wrote:
> On Wed, Nov 26, 2008 at 11:40, Stephen Carr
> <sgcarr at civeng.adelaide.edu.au> wrote:
>> Dear list
>>
>> I am trying to block spams that have the sender forged as a non existent
>> user in our domain but the recipient is a valid email address.
> 
> 
> 
> LOCAL_CONFIG
> Kcuuser user -a at REAL
> Kcualias implicit -a at REAL /etc/mail/aliases
> Kcuseq sequence cualias cuuser
> 
> SLocal_check_mail
> R$*                             $: $>3 $1       focus on host
> R$+ < @ columbia . edu . >      $: $( cuseq $1 $: $1 < NOTCU > $)
> R$+ < NOTCU >                   $#error $@ 5.7.1 $: 501 Sender unknown
> R$*                             $@ OK
> 
> 
> Change 'cu' and '@ columbia . edu .' and 'NOTCU' to your own names,
> but using us as an example...
> 
> This tells sendmail, if the MAIL command contains an address with
> '@columbia.edu', look up the local part as an alias and as a user, and
> if neither, reject it '501 Sender unknown', as:
> 
> MAIL from:<blabla at columbia.edu>
> 501 5.7.1 Sender unknown
> 
> This could be extended to more K lookups, and to more domains to
> check.  It could probably also be written in a more generalized way
> to be a FEATURE with config variables.
> 
> Joe
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID.  You may ignore it.
> 
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
> 

-- 
Stephen Carr
Computing Officer
School of Civil and Environmental Engineering
The University of Adelaide
Tel +618-8303-4313
Fax +618-8303-4359
Email sgcarr at civeng.adelaide.edu.au

CRICOS Provider Number 00123M
-----------------------------------------------------------
This email message is intended only for the addressee(s) and
contains information that may be confidential and/or copyright.
If you are not the intended recipient please notify the sender
by reply email and immediately delete this email. Use, disclosure
or reproduction of this email by anyone other than the intended
recipient(s) is strictly prohibited. No representation is made
that this email or any attachments are free of viruses. Virus
scanning is recommended and is the responsibility of the recipient.

More information about the MIMEDefang mailing list