Sam,

Having given up on SPF, I am about to try a couple of things related to what
you are suggesting:

1. Change filter-level to require-auth.  However, I don't know what that
will do to legitimate incoming mail from other domains.  
2. Change filter-level to require-auth just for senders with my domain
(using a _sender_ config-dir).
3. Remove my domain from sender-whitelists if necessary
4. Remove the IP of my mail server from IP-whitelist if necessary

Is this more or less what you had in mind?  I'll let you know how it goes.

Joe

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Sam Clippinger
Sent: Monday, February 09, 2009 16:38
To: spamdyke users
Subject: Re: [spamdyke-users] Spammers spoofing internal FROM addresses

No, I was thinking that you could configure spamdyke to require 
authentication whenever a message is delivered _from_ an address at one 
of your domains. That should prevent remote clients from spoofing your 
addresses, right? Just after I sent that last message, I decided it was 
a stupid idea and it obviously wouldn't work but now I can't remember 
why I thought that. So I'm either completely wrong or I'm losing my 
mind, please let me know which one so I can plan accordingly. :)

-- Sam Clippinger

Joe Canner wrote:
> Sam,
>
> Thanks for your response.  I'm trying SPF at the moment to see if that will
> work.
>
> I'm not sure I understand what you mean about requiring authentication.  I
> have smtp-auth-level set to "ondemand-encrypted".  Do I need to set it to
> something else?  Or do you mean I need to take my domain out of
> rcpthosts/tcp.smtp so that it treats it as external and requires
> authentication for relaying?  Or something else?
>
> Thanks for your help.
>
> Joe
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Sam Clippinger
> Sent: Friday, February 06, 2009 18:58
> To: spamdyke users
> Subject: Re: [spamdyke-users] Spammers spoofing internal FROM addresses
>
> I'm still not excited about this idea because I believe it will cause 
> more problems than it will solve. Personally, I use a lot of automated 
> tools that send me reports/etc using my address and this kind of filter 
> would block all of those. Determining whether an rDNS/IP is authorized 
> to send email is tricky (SPF was designed for this purpose). I'm open to 
> debate, however.
>
> In the short term, could you stop this kind of spam by configuring 
> spamdyke to require authentication for all of your local domains?
>
> -- Sam Clippinger
>
> Joe Canner wrote:
>   
>> Dear Spamdyke community,
>>
>> A month or two ago there was a thread about spam where the FROM 
>> address is the same as the TO address (both referring to the recipient 
>> of the spam). At the time, this issue was dismissed without much 
>> discussion. This has, within the last month, become a very serious 
>> problem for us. Because the FROM address is local, it bypasses 
>> graylisting, which up until now had been a very effective method of 
>> protection.
>>
>> Can anyone suggest a solution to this? Please don't suggest 
>> SpamAssassin or blacklists, I am not interested in those right now 
>> (too many false positives for one thing, too many unsophisticated 
>> users for another).
>>
>> Surely there must be a way in Spamdyke to block mail with a FROM 
>> address that is different from the RDNS address. Or, alternatively, to 
>> block mail where the TO and FROM addresses are the same and the RDNS 
>> address is not local.
>>
>> Thank you all for your assistance.
>>
>> Best Regards,
>>
>> Joe Canner
>>
>> Casablanca, MOROCCO
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> spamdyke-users mailing list
>> [email protected]
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>>   
>>     