Although I haven't written a rule to do this, you should be able to use procmail to create a rule for this. You could check the "From:" line and if it matches yourdomain.com then check the "Received: from" to make sure that is your smtp server. If it is not then filter it, move it, modify it, or whatever you want. Hopefully you get some ideas from this.
Jeff *********** REPLY SEPARATOR *********** On 1/3/2003 at 4:38 PM [EMAIL PROTECTED] wrote: >I'm running sendmail 8.11 on a Solaris server. The server has a single >interface and sits in my DMZ. I'm trying to find a way to block inbound >mail >with my domain spoofed as the sender. The scenario turned up when a >person I >know received spam with the sender being spoofed showing >[EMAIL PROTECTED] and >recipient being [EMAIL PROTECTED] After inspecting the mail headers, >we >discovered that the source IP was definitely external. We've scoured >sendmail.org, arachnoid.com, cauce.org and all the books we have and could >not >find this scenario speifically mentioned. > >Problems/Questions >1. If we block spammers by domain as recommended at >http://www.arachnoid.com/lutusp/antispam.html#filter_forwarding, how do we >get >around our internal users being blocked from sending mail out? >2. Does anyone know of a way to check the network that a specific domain >is >sending from? This way we could look at mydomain.com and compare it to a >specific subnet that we allow. > >Thanks in advance for your help. > >Jim
