> -----Original Message----- > From: Bill Shupp [mailto:[EMAIL PROTECTED] > Sent: Wednesday, March 31, 2004 10:55 AM > To: [EMAIL PROTECTED] > Subject: Re: [toaster] Spamming issue > > Andy Abshagen wrote: > > OK. We are getting sick of this spamming issue. We have a > domain that > > is continually being used by spammers to send out mail as > being from > > them and to them. Is there anyway with Qmail/Vpopmail to > always require > > mail from a specific email address or domain to have to use > SMTP-auth > > even if it is to someone in the same domain? > > > > IE mail coming from [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> going to > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> would always go > through as far as > > I know. > > This won't work. How would legitimate mail get to your machine? > You'd have to get all the remote servers to agree to patch > their systems > to require smtp auth when sending to your domain. That's impossible. > > If you want to get aggressive about forgery, there appear to be 2 > leading concepts to prevent it: > > 1. Greylisting > 2. SPF > > Greylisting is really effective, and does not require remote > MTAs to be > compliant. However, it will cause all new mail to bounce (temporary > failure) at least once before becoming "Greylisted". This is how it > starts tracking legitimate header/IP combinations. To learn > more about > Greylisting, see: > > http://projects.puremagic.com/greylisting/ > > You'll also find my Greylisting patches on http://www.shupp.org > > SPF is something like a DNS based "reverse MX" system to designate > permitted senders for mails depending on the domain name. I have not > personally experimented with it, but it looks interesting. > The upside > is that legitimate mail should not bounce. The downside is that the > sender's domain must have an SPF dns entry. I don't know how > wide-spread SPF dns deployment is. Because of this, you'll have to > default to allow non SPF reporting domains, otherwise you'll > risk losing > a LOT of legitimate mail and pissing off your customers. > Here's the SPF > link: > > http://spf.pobox.com/ > > And here's a qmail patch to implement SPF: > > http://www.saout.de/misc/spf/ > > If you decide to implement either, please share your experiences here. > > Regards, > > Bill Shupp >
I'm not sure why it wouldn't work. I'm only wanting to enforce the SMTP-AUTH when it is from and to the same domain. If it is from valid.com and going to test.com it would still go through correctly.. But if it is from test.com and to test.com is when there is a problem. I've already looked at greylisting and I am in the process of getting this setup to do some testing. Andy
