It might be worth investigating SPam assassin for this, there is a spam assassin mailet somewhere, perhaps someone on this list can remind us where to get it from.
On 20/04/06, BJ <[EMAIL PROTECTED]> wrote: > here is the scenario > the server query who is sending. > the sender can put any email address in there. > > To stop this a mailet needs to check that the IP address in the header > matches the domain of the email address, and Vpf record in the dns > server for the domain. > it should also store the IP address as a spam address. > > > finally, for the forged domains, > the mailet looks up arin.net for the abuse address of the IP, then sends > a email with something like: > > The sender of the email below, has spoofed the Domain name. > they have no authorization to use businessesnetwork.com > All businessesnetwork.com mail originates from xx.xx.xx.*, not > 71.241.65.96 (then ip in the email header) > > then included the email and header. > > > I have been slowly working on the mailet(s) to accomplish this. > > > as far a processing the mailets are executed sequentially. > if a mailet fails it can be configured to stop the sequencing. > > > andy sent the following on 4/19/06 7:02 AM: > > Please can somebody help > > > > I sent a message a few days ago and am still confused, > > > > Basically the problem seems to be that [EMAIL PROTECTED] sends a message to > > [EMAIL PROTECTED] forging it as if it were from [EMAIL PROTECTED] > > > > I dont really understand the processing pipeline and maillets. > > > > Please can somebody tell me how to stop this happening. > > > > Thanks in advance > > > > Andy Bailey > > > > www.hazlorealidad.com > > > > --------- Mensaje reenviado -------- > > > >>Asunto: RE: How to reject hoax messages > >>Fecha: Thu, 13 Apr 2006 21:37:13 -0500 > >>Noel, > >> > >>Thanks for the quick response, but I am still confused. > >> > >>I understand that if there was a virus attached ClamAv would help, > >> > >>But there must be a way to filter out messages that claim to be sent > >>from an address that they are not from. > >> > >> > >>Unfortunately I dont have the mail headers > >>but what happens is that <[EMAIL PROTECTED]> is sending mail from > >>[218.188.19.28]) which is not the local ip and sends the message as if > >>it were from [EMAIL PROTECTED] > >> > >>There has to be a way of blocking this. > >> > >>You say its to do with authentication > >> > >>In my configuration I have > >> > >> <authRequired>true</authRequired> > >> <authorizedAddresses>127.0.0.0/8</authorizedAddresses> > >> > >>Do the logs show if he authenticated, I dont understand other users I > >>have, have to authenticate themselves to send a message, and I hope I > >>have james configured to not be a relay. > >> > >>Obviously if a mail server sends mail to my domain the server will > >>accept it without requiring authorization, the point is how are they > >>able to send it as if its from the local domain. > >> > >> > >>Thanks > >> > >>Andy Bailey > >> > >> > >>11/04/06 12:24:53 DEBUG smtpserver: Command received: HELO RSTN-SERVER > >>11/04/06 12:24:53 DEBUG smtpserver: Sent: 250-hazlo.hazlorealidad.com > >>Hello RSTN-SERVER (218.188.19.28 [218.188.19.28]) > >>11/04/06 12:24:53 DEBUG smtpserver: Sent: 250-AUTH LOGIN PLAIN > >>11/04/06 12:24:53 DEBUG smtpserver: Sent: 250 AUTH=LOGIN PLAIN > >>11/04/06 12:24:53 DEBUG smtpserver: Calling reset() default Worker #12 > >>11/04/06 12:24:55 DEBUG smtpserver: Command received: MAIL FROM: > >><[EMAIL PROTECTED]> > >> > >> > >> > >>El jue, 13-04-2006 a las 18:09 -0400, Noel J. Bergman escribió: > >> > >>>>a spammer/virus each message has a virus attached. > >>> > >>>I run ClamAV, which would filter those out. > >>> > >>> > >>>>What can I do to reject messages that appear to be from an > >>>>account that they are not from. > >>> > >>>SPF would be one approach, but we don't have SPF support, yet. Another > >>>would be to require SMTP AUTH for local senders, or known subnets. > >>> > >>> --- Noel > >>> > >>> > >>>--------------------------------------------------------------------- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >> > >> > >>--------------------------------------------------------------------- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
