On Wed, 2006-09-20 at 13:55 -0400, Cormack, Ken wrote:
> > Something else you can do to cut down on the problem is to make sure
> > Sendmail is set to reject messages with local senders that don't exist.
>
> We've discussed this, internally. We host the user mailboxes on internal
> Exchange servers, but run MIMEDefang on a pair of machines in the DMZ. We
> could use MIMEDefang's support for querying those servers to see if the
> recipient exists or not, rather than relaying the message inbound, only to
> have Exchange decide the user doesn't exist. But that wouldn't contribute
> to stopping an email from "me" coming in to "me", for example. That was the
> topic at hand.
>
> Ken

You might also ask yourself whether you expect to get any legitimate non-auth mail from your domain addresses via your MX hosts on port 25. We see a lot of spam coming in to our MX hosts using valid internal mail addresses as the sender address. The reality though (for us at least) is that we have no reason to see this type of traffic. Our remote users use authentication (which can be checked by MIMEDefang) and/or a web interface (also using authentication) to send mail to our internal users. With very few exceptions (which I'm in the process of hunting down and killing), there is no valid mail traffic through these machines which should be using my mail domains as the sender.
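The policy described in the reply above, modelled as a stand-alone decision function (an added example, not code from the thread and not a MIMEDefang filter). The domain list, the exempt relay address, the subdomain matching and the `Envelope` fields are assumptions made for illustration, and the sample envelopes are constructed.

```python
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.com", "example.org"}  # assumed: domains hosted here
EXEMPT_RELAYS = {"192.0.2.25"}                  # assumed: known legitimate exceptions

@dataclass
class Envelope:
    sender: str          # MAIL FROM value as received on port 25
    relay_ip: str        # address of the connecting client
    authenticated: bool  # True if SMTP AUTH succeeded on this session

def sender_domain(sender: str) -> str:
    """Lowercased domain of an envelope sender; '' for <> or an unqualified name."""
    addr = sender.strip().strip("<>").strip()
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].rstrip(".").lower()

def is_local(domain: str) -> bool:
    # Assumption: subdomains of a hosted domain are treated as local too.
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)

def check_sender(env: Envelope) -> tuple[str, str]:
    """Return (action, reason); action is 'CONTINUE' or 'REJECT'."""
    domain = sender_domain(env.sender)
    if not domain:
        return ("CONTINUE", "null or unqualified sender")  # bounces use <>
    if not is_local(domain):
        return ("CONTINUE", "external sender")
    if env.authenticated:
        return ("CONTINUE", "authenticated local sender")
    if env.relay_ip in EXEMPT_RELAYS:
        return ("CONTINUE", "exempt relay")
    return ("REJECT", f"unauthenticated mail claiming {domain}")

# Constructed sample envelopes.
SAMPLES = [
    Envelope("<ken@example.com>", "203.0.113.7", False),
    Envelope("<User@MAIL.Example.COM>", "203.0.113.7", False),
    Envelope("<ken@example.com>", "203.0.113.7", True),
    Envelope("<cron@example.org>", "192.0.2.25", False),
    Envelope("<>", "203.0.113.7", False),
    Envelope("<someone@notexample.com>", "203.0.113.7", False),
]

def evaluate(samples=SAMPLES):
    return [check_sender(e)[0] for e in samples]

if __name__ == "__main__":
    for env in SAMPLES:
        print(env.sender, env.relay_ip, check_sender(env))
```

The check looks only at the envelope sender, so a message with an external envelope sender and a local address in its From: header passes it unchanged.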

