Please can somebody help I sent a message a few days ago and am still confused,
Basically the problem seems to be that [EMAIL PROTECTED] sends a message to [EMAIL PROTECTED] forging it as if it were from [EMAIL PROTECTED] I dont really understand the processing pipeline and maillets. Please can somebody tell me how to stop this happening. Thanks in advance Andy Bailey www.hazlorealidad.com --------- Mensaje reenviado -------- > Asunto: RE: How to reject hoax messages > Fecha: Thu, 13 Apr 2006 21:37:13 -0500 > Noel, > > Thanks for the quick response, but I am still confused. > > I understand that if there was a virus attached ClamAv would help, > > But there must be a way to filter out messages that claim to be sent > from an address that they are not from. > > > Unfortunately I dont have the mail headers > but what happens is that <[EMAIL PROTECTED]> is sending mail from > [218.188.19.28]) which is not the local ip and sends the message as if > it were from [EMAIL PROTECTED] > > There has to be a way of blocking this. > > You say its to do with authentication > > In my configuration I have > > <authRequired>true</authRequired> > <authorizedAddresses>127.0.0.0/8</authorizedAddresses> > > Do the logs show if he authenticated, I dont understand other users I > have, have to authenticate themselves to send a message, and I hope I > have james configured to not be a relay. > > Obviously if a mail server sends mail to my domain the server will > accept it without requiring authorization, the point is how are they > able to send it as if its from the local domain. > > > Thanks > > Andy Bailey > > > 11/04/06 12:24:53 DEBUG smtpserver: Command received: HELO RSTN-SERVER > 11/04/06 12:24:53 DEBUG smtpserver: Sent: 250-hazlo.hazlorealidad.com > Hello RSTN-SERVER (218.188.19.28 [218.188.19.28]) > 11/04/06 12:24:53 DEBUG smtpserver: Sent: 250-AUTH LOGIN PLAIN > 11/04/06 12:24:53 DEBUG smtpserver: Sent: 250 AUTH=LOGIN PLAIN > 11/04/06 12:24:53 DEBUG smtpserver: Calling reset() default Worker #12 > 11/04/06 12:24:55 DEBUG smtpserver: Command received: MAIL FROM: > <[EMAIL PROTECTED]> > > > > El jue, 13-04-2006 a las 18:09 -0400, Noel J. Bergman escribió: > > > a spammer/virus each message has a virus attached. > > > > I run ClamAV, which would filter those out. > > > > > What can I do to reject messages that appear to be from an > > > account that they are not from. > > > > SPF would be one approach, but we don't have SPF support, yet. Another > > would be to require SMTP AUTH for local senders, or known subnets. > > > > --- Noel > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
