On Tue, 07 Jan 2003 09:53:23 -0600
Ned Fleming <[EMAIL PROTECTED]> wrote:
> On Mon, 06 Jan 2003 22:11:49 +0000, [EMAIL PROTECTED] wrote:
>
> >Thanks for the input on this so far. To clarify, [EMAIL PROTECTED] is exactly
> >right in stating that I'm trying to stop the spoofing of my domain as the
> >sender to my own domain (e.g. helpdesk@xyz to johnSmith@xyz where helpdesk is
> >the spoofed sender). This is not an open relay server and the spam is not (as
> >far as I can tell) as a result of any viruses guessing at accounts.
>
> [snip]
>
> >I'm not sure that this problem can be resolved within sendmail config files but
> >if anyone knows differently, please let me know.
>
> Yes, you can do this in Sendmail. You can do just about anything in
> Sendmail, provided you're willing to read and write hieroglyphics, uh,
> I mean the config files. The fellows who recommended SMTP AUTH or
> pop-before-smtp were correct.
Neither simple pop-before-smtp or SMTP AUTH will do it. It will take authentication
(either AUTH or IP) plus a filter to stop what he wants. It won't be pretty whichever
way. Now a semi-simple milter can modify the subject line to warn the receiver that
it might be forged. That would be easy; for a sendmail hacker, that is.
GB
--
GB Clark II | Roaming FreeBSD Admin
[EMAIL PROTECTED] | General Geek
CTHULU for President - Why choose the lesser of two evils?
