[courier-users] RE: How to force SMTP AUTH only for MAIL FROM addresses of hosted domains?

Thu, 11 Mar 2004 03:55:17 -0800 

Lorenzo Perone [EMAIL PROTECTED] wrote:
> I'm actually trying to solve a serious spam problem:
> spammers sending mail claiming to be someone of my domain, asking people
> to send their user id and password, etc.
> I've written a perl script that can make (fairly) sure if one is
> authenticated - but I can not just throw away the "other" mails, i.e.
> those which are not authenticated (and still have a "From: " header
> pretending to be from the same domain) because I cannot tell, at that
> level, whether it's a spammer or a user with an old client who tries to
> send some mail without authenticating first.
> If the server forced authentication for those claiming to be a hosted
> user at the Return Path (MAIL FROM) level, spammers could still claim
> to be someone else and later, in the DATA, use a "From:" of my domain.
> But in the latter case I could easilly catch that with my
> maildrop-triggered script. 
> 
> Of course, a last-resort option would be to make an extfilter out of the
> script, and alter the subject or body, telling that it could _possibly_
> be spam and not to trust the sender in case of doubt.
> But an error at SMTP level, which the users would inevitably notice
> and force them to update/setup their clients would be much better.
> I've setup Communigate Pro several times - and its smtp module has this
> option for example. I can't believe that an otherwise superb product as
> courier is going to "leave me alone" on this issue... :|

Please try to be a bit more coherent.  I'm having a hard time trying to understand 
your problem.

Just reading your subject (see what a precise, to the point subject can do for you? 
*g*), I think you want to reject incoming messages that claim (by means of the 
envelope sender) to come from one of your hosted domains *if* the SMTP connection 
hasn't been authenticated.

That's a subset of what SPF[1] does.  Until the SPF people manage to make a patch to 
properly integrate SPF (and SRS, a closely related technology) into Courier, you can 
use the SPF module of Courier::Filter[2].  As Courier::Filter (like any courierfilter) 
only activates after the incoming message has been completely received, you cannot 
save the traffic caused by spam, but on the other hand, you can examine the whole 
message header and body to make more detailed checks.

If you really only want to check for your *own* hosted domains, you can as well write 
a new Courier::Filter::Module::FromHostedDomain filter module (it's easy!) that 
matches any messages that come from a hosted domain.  Using such a module in 
"trusting" mode (see the documentation of Courier::Filter) does exactly what you want.

[1] http://spf.pobox.com
[2] http://search.cpan.org/~jmehnle/Courier-Filter-0.12/



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Reply via email to