Rule to block spoofed email

Drew Marshall drew at THEMARSHALLS.CO.UK
Thu Dec 2 09:59:20 GMT 2004


    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On Thu, December 2, 2004 9:08, Mike said:
>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>Behalf Of Darrin
>>
>>Does anyone have an example of a rule or rules to only allow a specific
>>email address from a specified source IP? We are getting a lot of SPAM
>>with the sending address of a user on the mail server, this in turn
>>white lists the SPAM.
>
> This is why there is SPF: http://spf.pobox.com
>
> If your MTA is SPF/SRS enabled, and the DNS server from your domain
> published SPF records, then your MTA will block messages of which the
> sender is someone of your domain, but which uses an IP address that you do
> not allow.
>
Try only white listing your server's ip address(es) and not the domain (As
that is easily spoofed, as you have found out!). In Postfix you can also
use smtpd_sender_restrictions = permit_mynetworks check_sender_access...
and then make an access table to block your domain, which will have the
effect of blocking (550) any one who tries to send mail from outside of
your network with a MAIL FROM 'your domain'. I suspect you can do
something similar with outher MTAs but others will have to comment ;-)

Your choice will depend on if you have remote users who send through your
servers and if you have other server outside of your network so might send
mail on your domain's behalf (Hosted web server for example).

HTH

Drew


--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list