Cormack, Ken wrote:

> I'd like to see if anyone has any comments on an idea to block spam from
> forged senders who claim my domain in the sender address. I'm assuming
> something like this could (or should?) be done for both the SMTP "MAIL
> FROM:" and the "From:" in the header.
>
> If my domains are @domain1, @domain2, and @domain3, and the IPs that I
> EXPECT to relay me mail with my domains in the SMTP FROM line are accounted
> for, would anyone expect problems with something like the following?

We do this for a few specific addresses like [EMAIL PROTECTED], [EMAIL PROTECTED],
etc. (Originally in response to some viruses that used social
engineering to convince you that you had to open this "report" of your
account usage, and to a couple of spam runs that faked these return
addresses.)

The only drawback has been that sometimes the spoofed messages have been
relayed, and the relay decides it needs to inform the "sender" that the
message didn't make it. So it sends a DSN, which is of course properly
addressed as being from either <> or [EMAIL PROTECTED].

Something else you can do to cut down on the problem is to make sure
Sendmail is set to reject messages with local senders that don't exist.
For instance, if we get mail with an envelope sender of
[EMAIL PROTECTED], I don't think it even gets as far as MIMEDefang.

--
Kelson Vibber
SpeedGate Communications <www.speed.net>
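
The check discussed in this thread, sketched as a MIMEDefang `filter_sender` hook. This is an added example, not code from either poster; the domain names and relay IPs are constructed placeholders, and it covers only the envelope sender (SMTP MAIL FROM), not the "From:" header.

```perl
use strict;
use warnings;

# Constructed values for illustration; substitute your domains and relay IPs.
my %OWN_DOMAINS    = map { $_ => 1 } qw(domain1.example domain2.example domain3.example);
my %TRUSTED_RELAYS = map { $_ => 1 } qw(127.0.0.1 192.0.2.10 192.0.2.11);

# Lowercased domain of an envelope address; '' for the null sender "<>".
sub sender_domain {
    my ($addr) = @_;
    $addr = '' unless defined $addr;
    $addr =~ s/^\s*<//;
    $addr =~ s/>\s*$//;
    return '' unless $addr =~ /\@([^\@\s]+)$/;
    my $domain = lc $1;
    $domain =~ s/\.$//;    # tolerate a trailing dot
    return $domain;
}

# MIMEDefang calls this at MAIL FROM when sender checks are enabled.
sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    my $domain = sender_domain($sender);

    # DSNs arrive with the null sender, so this check never matches them.
    return ('CONTINUE', 'ok') if $domain eq '';

    if ($OWN_DOMAINS{$domain} && !$TRUSTED_RELAYS{$ip}) {
        return ('REJECT', "Mail from $domain is not accepted from $ip");
    }
    return ('CONTINUE', 'ok');
}

# Stand-alone demonstration on constructed input (skipped when loaded as a filter).
unless (caller) {
    my @samples = (
        ['<alice@domain1.example>', '192.0.2.10'],    # own domain, expected relay
        ['<alice@DOMAIN1.example>', '203.0.113.7'],   # own domain, unknown relay
        ['<bob@elsewhere.example>', '203.0.113.7'],   # foreign domain
        ['<>',                      '203.0.113.7'],   # DSN (null sender)
    );
    for my $s (@samples) {
        my ($action, $text) = filter_sender(@$s, 'host.example', 'helo.example');
        printf "%-26s from %-12s => %s (%s)\n", @$s, $action, $text;
    }
}

1;
```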