Theoretically speaking, the methodology you are using has been deployed in network edge devices for years, and it is very sound.
A common attack a while back, called the Land attack (affecting earlier 95/98 MS systems), was achieved by sending packets to a host, using the host's IP address as the source and destination (this was an attack using forged IPs). Hence the machine would respond to itself. Network admins usually add a rule stating to block from <source my netblock> to <destination my netblock> on their ingress points.
I was actually wondering for the last few days if such was feasible with any of the filtering options in Courier-MTA. I have received numerous Spam messages from [EMAIL PROTECTED] to [EMAIL PROTECTED] already and it has started to annoy me.
The level of Spam received at my corporate mail system is incredible, but being in the business of customer inbound call centers, direct mail, and data analysis caused me to end up with too much of our own internal campaign drafts tagged as Spam when I had SpamAssassin deployed.
What followed was a two-month battle between my corporate account managers and my drafted security policies. Eventually politics won and the policies were revised. I am now looking at DSPAM or other 'Bayesian' alternatives to fix the spam issue.
I actually deployed this on our gateway smarthost today after reading your initial post and it has worked for me.
Best regards,
Gerardo
Mitch (WebCob) wrote:
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sam Varshavchik
Sent: Thursday, January 22, 2004 3:50 PM
To: [EMAIL PROTECTED]
Subject: [courier-users] Re: freemail as local mail forgery test?
Mitch (WebCob) writes:
Ok - any opinions on this?
If I use the freemail structure to reject mail claiming to be from my local users if they are relayed from anything other than my mx's ... any problem with say 500 - 1000 entries like this?
With modern, fast CPUs, shouldn't be a problem unless you're handling a LOT of mail.
Any opinion on the concept?
I think you had said something about replacing the freemail concept with a better process - is there an alternative I should consider as a better way to do this?
Is this something you could keep in mind when you work on a better "freemail"?
Think it's a good idea?
My thought was to have a way to reject forged local senders, allowing me to whitelist my local virtual domains within all the mail filtering mechanisms to avoid thousands of extra individual whitelist froms, while avoiding spam from me to me... if you follow my run-on sentence ;-)
Thanks!
m/
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
-- Gerardo A. Gregory Manager Network Administration and Security ------------------------------------------------ Affinitas - Latin for "Relationship" Helping Businesses Acquire, Retain, and Cultivate Customers Visit us at http://www.affinitas.net
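
The check discussed in this thread (reject mail whose envelope sender claims a local domain unless it arrives from one of your own relays), sketched as an added example that is not part of either message and is not Courier configuration. The domain names, relay netblocks, function names and the `authenticated` flag are assumptions made for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
LOCAL_DOMAINS = {"example.com", "example.net"}
TRUSTED_RELAYS = [ipaddress.ip_network(n)
                  for n in ("192.0.2.0/28", "2001:db8:10::/64")]


def sender_domain(envelope_from):
    """Lower-cased domain of an envelope sender, or None for the null
    sender (<>) used by bounces, which this check must never reject."""
    addr = envelope_from.strip().strip("<>").strip()
    if not addr or "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].rstrip(".").lower()


def is_trusted_relay(peer_ip):
    """True if the connecting peer is inside one of our own relay netblocks."""
    ip = ipaddress.ip_address(peer_ip)
    # A dual-stack listener may report IPv4 peers as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net
               for net in TRUSTED_RELAYS)


def check(envelope_from, peer_ip, authenticated=False):
    """Return (accept, reason) for one incoming SMTP transaction.

    Same idea as the ingress rule 'block <source my netblock> arriving
    from outside': a local sender address is only believable on a path
    we control. Local users who legitimately send through third-party
    relays will be rejected, so inventory those before enforcing.
    """
    domain = sender_domain(envelope_from)
    if domain is None or domain not in LOCAL_DOMAINS:
        return True, "sender does not claim a local domain"
    if authenticated or is_trusted_relay(peer_ip):
        return True, "local sender on a trusted path"
    return False, "550 local sender address from untrusted relay"


if __name__ == "__main__":
    for sender, peer in [("<alice@Example.COM>", "203.0.113.7"),
                         ("alice@example.com", "192.0.2.5"),
                         ("<>", "203.0.113.7")]:
        print(sender, peer, check(sender, peer))
```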
