Here is the scenario:
The server queries who is sending.
The sender can put any email address in there.

To stop this, a mailet needs to check that the IP address in the header matches the domain of the email address and the SPF record in the DNS server for the domain.
It should also store the IP address as a spam address.


Finally, for the forged domains,
the mailet looks up arin.net for the abuse address of the IP, then sends an email with something like:

The sender of the email below has spoofed the domain name.
They have no authorization to use businessesnetwork.com.
All businessesnetwork.com mail originates from xx.xx.xx.*, not 71.241.65.96 (the IP in the email header)

Then include the email and header.


I have been slowly working on the mailet(s) to accomplish this.


As far as processing, the mailets are executed sequentially.
If a mailet fails, it can be configured to stop the sequencing.


andy sent the following on 4/19/06 7:02 AM:
Please can somebody help

I sent a message a few days ago and am still confused,

Basically the problem seems to be that [EMAIL PROTECTED] sends a message to
[EMAIL PROTECTED] forging it as if it were from [EMAIL PROTECTED]

I don't really understand the processing pipeline and mailets.

Please can somebody tell me how to stop this happening.

Thanks in advance
Andy Bailey

www.hazlorealidad.com

--------- Forwarded message --------

Subject: RE: How to reject hoax messages
Date: Thu, 13 Apr 2006 21:37:13 -0500
Noel,

Thanks for the quick response, but I am still confused.

I understand that if there was a virus attached ClamAv would help,
But there must be a way to filter out messages that claim to be sent
from an address that they are not from.


Unfortunately I don't have the mail headers but what happens is that <[EMAIL PROTECTED]> is sending mail from
[218.188.19.28]) which is not the local ip and sends the message as if
it were from [EMAIL PROTECTED]
There has to be a way of blocking this.

You say it's to do with authentication

In my configuration I have

   <authRequired>true</authRequired>
   <authorizedAddresses>127.0.0.0/8</authorizedAddresses>

Do the logs show if he authenticated? I don't understand; other users I
have have to authenticate themselves to send a message, and I hope I
have James configured to not be a relay.

Obviously if a mail server sends mail to my domain the server will
accept it without requiring authorization; the point is how are they
able to send it as if it's from the local domain.


Thanks

Andy Bailey


11/04/06 12:24:53 DEBUG smtpserver: Command received: HELO RSTN-SERVER
11/04/06 12:24:53 DEBUG smtpserver: Sent: 250-hazlo.hazlorealidad.com Hello RSTN-SERVER (218.188.19.28 [218.188.19.28])
11/04/06 12:24:53 DEBUG smtpserver: Sent: 250-AUTH LOGIN PLAIN
11/04/06 12:24:53 DEBUG smtpserver: Sent: 250 AUTH=LOGIN PLAIN
11/04/06 12:24:53 DEBUG smtpserver: Calling reset() default Worker #12
11/04/06 12:24:55 DEBUG smtpserver: Command received: MAIL FROM: <[EMAIL PROTECTED]>



On Thu, 13-04-2006 at 18:09 -0400, Noel J. Bergman wrote:

a spammer/virus each message has a virus attached.

I run ClamAV, which would filter those out.


What can I do to reject messages that appear to be from an
account that they are not from.

SPF would be one approach, but we don't have SPF support, yet.  Another
would be to require SMTP AUTH for local senders, or known subnets.

        --- Noel


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
