[Mimedefang] Validate forged local sender

Joseph Brennan brennan at columbia.edu
Wed Nov 26 11:51:08 EST 2008

On Wed, Nov 26, 2008 at 11:40, Stephen Carr
<sgcarr at civeng.adelaide.edu.au> wrote:
> Dear list
> I am trying to block spams that have the sender forged as a non existent
> user in our domain but the recipient is a valid email address.

Kcuuser user -a at REAL
Kcualias implicit -a at REAL /etc/mail/aliases
Kcuseq sequence cualias cuuser

R$*                             $: $>3 $1       focus on host
R$+ < @ columbia . edu . >      $: $( cuseq $1 $: $1 < NOTCU > $)
R$+ < NOTCU >                   $#error $@ 5.7.1 $: 501 Sender unknown
R$*                             $@ OK

Change 'cu' and '@ columbia . edu .' and 'NOTCU' to your own names,
but using us as an example...

This tells sendmail, if the MAIL command contains an address with
'@columbia.edu', look up the local part as an alias and as a user, and
if neither, reject it '501 Sender unknown', as:

MAIL from:<blabla at columbia.edu>
501 5.7.1 Sender unknown

This could be extended to more K lookups, and to more domains to
check.  It could probably also be written in a more generalized way
to be a FEATURE with config variables.


More information about the MIMEDefang mailing list