[Mimedefang] Validate forged local sender

Mișu Moldovan dumol at gnome.ro
Wed Nov 26 08:14:14 EST 2008

În data de Mi, 26-11-2008 la 22:10 +1030, Stephen Carr a scris:
> Dear list
> I am trying to block spams that have the sender forged as a non existent
> user in our domain but the recipient is a valid email address.
> Sendmail is configured with LUSER_RELAY that has a list valid users -
> returns "nouser User unknown" if user does not exist.

This looks a lot like our setup. Our Axigen mail server also checks the
validity of the recipients against a list of valid addresses, but this
is rather irrelevant to the case. In MIMEDefang we basically have a hash
of known IP's that are allowed to send mail on our behalf and a hash of
our domains, and we check against them in the filter_sender subroutine. 

http://hiredavidbank.com/mimedefang-filter.paper has something along the
line, please see the filter_sender subroutine where the OurHosts and
OurDomains hashes are used to check for fraudulent senders. The setup
will also block attempts to use a valid address from your domains in the
MAIL FROM stage, but this should only be allowed for the IP's in
OurHosts, I've seen spam/phishing that uses admin at ourdomain.tld or some
other known address. 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Aceast fragment din mesaj este semnat digital
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20081126/36ee7bcf/attachment-0003.sig>

More information about the MIMEDefang mailing list