Sam et al.,

In case anyone is interested, here are the details of what I did.  Time will
tell whether it is effective, but I don't have any reason to believe it
won't be (for this type of spam anyway):

1. Set up a config-dir using the "_sender_/tld/mydomain" directory structure
as outlined in the spamdyke documentation.
2. Create a config file at the bottom of the directory that says
filter-level=require-auth
3. Remove mydomain.tld from sender-whitelist 
4. Change POP clients to provide SMTP authentication information
5. If using webmail and web server is different from mail server, may need
to add IP address of web server to IP-whitelist.  (I am using Squirrelmail
and I couldn't figure out a way to get SM to do SMTP authentication.
However, since presumably SM users are already authenticated when they log
in, whitelisting shouldn't be a problem)
6. If necessary, also whitelist any other servers or programs that send you
status updates using your domain name.

Sorry if this is elementary for most of you.  This is my first time digging
this far into spamdyke.  Any comments or improvements are most welcome.

Cheers,
Joe
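The six steps above as one script, added here as an example and not code from the spamdyke project or from the original post. It creates the per-domain file under config-dir, writes `filter-level=require-auth` into it, drops the domain from the sender-whitelist file and adds the webmail (or other trusted) hosts to the ip-whitelist file. Assumptions, which you should check against the spamdyke documentation for your version: the path `config-dir/_sender_/<tld>/<label>` is read as the config file for senders at `<label>.<tld>` (the post says only "_sender_/tld/mydomain" and "a config file at the bottom"), the two whitelist files are plain one-entry-per-line text files, and all paths and the `192.0.2.x` addresses are placeholders.

```shell
#!/bin/sh
# Added example, not spamdyke's own code. Sets up "require authentication for
# mail claiming to be from my domain" the way the post describes.
# ASSUMED layout: <config-dir>/_sender_/<tld>/<label> is the per-domain config
# file; sender-whitelist and ip-whitelist are one-entry-per-line files.
set -eu

# require_auth_for_domain CONFIG_DIR SENDER_WHITELIST_FILE IP_WHITELIST_FILE DOMAIN [TRUSTED_IP...]
require_auth_for_domain() {
    cfg=$1; sender_wl=$2; ip_wl=$3; domain=$4
    shift 4

    # The post shows a two-level "tld/mydomain" layout; refuse anything else
    # rather than guess how deeper names are mapped.
    case $domain in
        *.*.*) echo "refusing '$domain': only domain.tld is handled here" >&2; return 1 ;;
        *.*)   ;;
        *)     echo "refusing '$domain': expected domain.tld" >&2; return 1 ;;
    esac
    tld=${domain##*.}      # example.com -> com
    label=${domain%.*}     # example.com -> example

    # Steps 1 and 2: per-sender-domain config that forces SMTP AUTH.
    mkdir -p "$cfg/_sender_/$tld"
    printf 'filter-level=require-auth\n' > "$cfg/_sender_/$tld/$label"

    # Step 3: a whitelisted sender domain would bypass the filter, so remove
    # both "example.com" and "@example.com" forms (whole-line, case-insensitive).
    if [ -f "$sender_wl" ]; then
        grep -v -i -x -F -e "$domain" -e "@$domain" "$sender_wl" > "$sender_wl.tmp" || true
        mv "$sender_wl.tmp" "$sender_wl"
    fi

    # Steps 5 and 6: hosts that legitimately send as the domain without
    # authenticating (webmail on another box, monitoring tools). Idempotent.
    for ip in "$@"; do
        grep -q -x -F "$ip" "$ip_wl" 2>/dev/null || printf '%s\n' "$ip" >> "$ip_wl"
    done
}

# Returns the config line written for DOMAIN, so the result can be checked.
show_domain_config() {
    cfg=$1; domain=$2
    cat "$cfg/_sender_/${domain##*.}/${domain%.*}"
}

# Command-line use (placeholder paths):
#   sh require-auth.sh /etc/spamdyke/config.d /etc/spamdyke/sender-whitelist \
#       /etc/spamdyke/ip-whitelist example.com 192.0.2.10
if [ "${1-}" ]; then
    require_auth_for_domain "$@"
fi
```

After applying it (and step 4, switching the mail clients to SMTP AUTH), check from an outside host: open an SMTP session without authenticating, issue `MAIL FROM:<someone@mydomain.tld>` and confirm it is refused; repeat from the webmail host's whitelisted address and confirm it is accepted. Anything that sends reports as your domain without authenticating will start bouncing, which is the trade-off Sam warns about further down.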

-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Sam Clippinger
Sent: Monday, February 09, 2009 16:38
To: spamdyke users
Subject: Re: [spamdyke-users] Spammers spoofing internal FROM addresses

No, I was thinking that you could configure spamdyke to require 
authentication whenever a message is delivered _from_ an address at one 
of your domains. That should prevent remote clients from spoofing your 
addresses, right? Just after I sent that last message, I decided it was 
a stupid idea and it obviously wouldn't work but now I can't remember 
why I thought that. So I'm either completely wrong or I'm losing my 
mind, please let me know which one so I can plan accordingly. :)

-- Sam Clippinger

Joe Canner wrote:
> Sam,
>
> Thanks for your response.  I'm trying SPF at the moment to see if that will
> work.
>
> I'm not sure I understand what you mean about requiring authentication.  I
> have smtp-auth-level set to "ondemand-encrypted".  Do I need to set it to
> something else?  Or do you mean I need to take my domain out of
> rcpthosts/tcp.smtp so that it treats it as external and requires
> authentication for relaying?  Or something else?
>
> Thanks for your help.
>
> Joe
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Sam Clippinger
> Sent: Friday, February 06, 2009 18:58
> To: spamdyke users
> Subject: Re: [spamdyke-users] Spammers spoofing internal FROM addresses
>
> I'm still not excited about this idea because I believe it will cause 
> more problems than it will solve. Personally, I use a lot of automated 
> tools that send me reports/etc using my address and this kind of filter 
> would block all of those. Determining whether an rDNS/IP is authorized 
> to send email is tricky (SPF was designed for this purpose). I'm open to 
> debate, however.
>
> In the short term, could you stop this kind of spam by configuring 
> spamdyke to require authentication for all of your local domains?
>
> -- Sam Clippinger
>
> Joe Canner wrote:
>   
>> Dear Spamdyke community,
>>
>> A month or two ago there was a thread about spam where the FROM 
>> address is the same as the TO address (both referring to the recipient 
>> of the spam). At the time, this issue was dismissed without much 
>> discussion. This has, within the last month, become a very serious 
>> problem for us. Because the FROM address is local, it bypasses 
>> graylisting, which up until now had been a very effective method of 
>> protection.
>>
>> Can anyone suggest a solution to this? Please don't suggest 
>> SpamAssassin or blacklists, I am not interested in those right now 
>> (too many false positives for one thing, too many unsophisticated 
>> users for another).
>>
>> Surely there must be a way in Spamdyke to block mail with a FROM 
>> address that is different from the RDNS address. Or, alternatively, to 
>> block mail where the TO and FROM addresses are the same and the RDNS 
>> address is not local.
>>
>> Thank you all for your assistance.
>>
>> Best Regards,
>>
>> Joe Canner
>>
>> Casablanca, MOROCCO
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> spamdyke-users mailing list
>> [email protected]
>> http://www.spamdyke.org/mailman/listinfo/spamdyke-users