that's what I was afraid of... Some of the emails are not legit and I
have thought of writing a matcher (easy enough). I was trying to figure
something out for the case where the emails are legit.
Anyone who knows the smtp/auth code think the code could be modified to
look for this case? Or is that a really bad idea and we just have to
live with this?
Another thought I had was to use SPF (I believe that is the right
acronym) on mydomain.com and then have James validate the SPF....
Or another thought is to write a matcher for mydomain.com where email
must be sent from a specific IP address since I know what IP address for
the James server (and it is static). Wonder if that would work? Or if
legit clients logging into the server to send email would through that
off. Guess the question is would a client logging in and sending email
go through the pipeline? Anyway...some stuff to play with unless
someone can let me know off the top of your head....
Thanks for taking the time to discuss...
Chris....
JWM wrote:
The only way you could do that is if they are making up email addresses at
your domain as 'from' addresses and these addresses don't really exist. I
don't know of a specific matcher that does that. But it would be easy to
create one. If they are using existing email addresses as from address, I
don't see a way to differentiate from a legit email from that person.
-----Original Message-----
From: Chris Hane [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 23, 2005 10:20 AM
To: James Users List
Subject: Re: How to stop Spam sent to my domain FROM my domain?
You are correct it is not coming from my server. And I'm aware of spam
like this that I can not stop on my server....
I'm asking a bit of a different question. A third party is sending mail
to me ([EMAIL PROTECTED]). They have set the FROM address to be
([EMAIL PROTECTED]). In this case, James is getting the email and
delivering it to me.
What I wonder is there a configuration setting or matcher/mailet that
can detect this and do something (e.g., mark is as spam, or just reject
it entirely) with the email.
Chris....
JWM wrote:
Chris,
99% chance it has nothing to do with your server. That mail never came
close to your server. Anyone can put any return address they want on an
email. What typically happens is that viruses on user's machines will
harvest addresses from the user's inbox and use them as return addresses
for
spam.
So the good news is that it isn't coming from your server, and therefore
you
don't have a virus or security hole. The bad news is that isn't coming
from
your server, and therefore there is absolutely nothing you can do to
prevent
it.
Jerry
-----Original Message-----
From: Chris Hane [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 23, 2005 9:26 AM
To: [email protected]
Subject: How to stop Spam sent to my domain FROM my domain?
I have a pretty vanilla James (latest released version) installation.
I am receiving spam from third parties with the FROM set to an address
in my domain (for example the from is [EMAIL PROTECTED]). I'm assuming
this is some type of virus on the sending machine.
Is there a configuration option or mailet/matcher that will verify that
if the FROM address is using a domain being managed by James, that the
email user must be authenticated?
I have James setup so that authentication is required to send/receive
email using the server. However, if email is being sent to me, the FROM
address can be anything, which includes addresses in my domain.
It's causing a bit of confusion in my user base because the emails look
like the are coming from legit addresses. Our virus software is
stripping out the viruses, so I'm not worried (right now) about
virus...this is more a support issue with my users.
Thanks in advance,
Chris....
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
