On Fri, 3 Jan 2003 [EMAIL PROTECTED] wrote: > I'm running sendmail 8.11 on a Solaris server. The server has a single > interface and sits in my DMZ. I'm trying to find a way to block > inbound mail with my domain spoofed as the sender.
I'm not sure what you accomplish by doing this. see: http://groups.google.com/groups?selm=8nl0kt%24mna%241%40zardoc.endmail.org&output=gplain >The scenario turned up when a person I know received spam with the >sender being spoofed showing [EMAIL PROTECTED] and recipient being >[EMAIL PROTECTED] After inspecting the mail headers, we discovered >that the source IP was definitely external. We've scoured sendmail.org, >arachnoid.com, cauce.org and all the books we have and could not find >this scenario speifically mentioned. > > Problems/Questions > 1. If we block spammers by domain as recommended at > http://www.arachnoid.com/lutusp/antispam.html#filter_forwarding, > how do we get around our internal users being blocked from sending > mail out? This isn't going to help you. Are you talking about open relays now? If you're running a recent sendmail, open relaying is off by default. Read the documentation in the sendmail source distribution first. See cf/README. I think you're making this too hard on yourself. The link you mention has bad (direct editing of the sendmail.cf should never be done) and outdated advice. > 2. Does anyone know of a way to check the network that a specific > domain is sending from? This way we could look at mydomain.com and > compare it to a specific subnet that we allow. See cf/README.
