Rule to block spoofed email

Alex Neuman van der Hans alex at nkpanama.com
Thu Dec 2 15:56:57 GMT 2004


This was discussed before... Your own addresses can be whitelisted in
MailScanner, but only if they come from trusted networks. Instead of having
From:*@yourdomain.com yes on spam.whitelist.rules, you should have
From:*@yourdomain.com and From:*@your.set.of.ips yes - so that it only
"kicks in" when it comes through your own network.

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf
Of Drew Marshall
Sent: Thursday, December 02, 2004 4:59 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Rule to block spoofed email

On Thu, December 2, 2004 9:08, Mike said:
>>From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
>>Behalf Of Darrin
>>
>>Does anyone have an example of a rule or rules to only allow a
>>specific email address from a specified source IP? We are getting a
>>lot of SPAM with the sending address of a user on the mail server,
>>this in turn white lists the SPAM.
>
> This is why there is SPF: http://spf.pobox.com
>
> If your MTA is SPF/SRS enabled, and the DNS server from your domain
> published SPF records, then your MTA will block messages of which the
> sender is someone of your domain, but which uses an IP address that
> you do not allow.
>
Try only white listing your server's ip address(es) and not the domain (As
that is easily spoofed, as you have found out!). In Postfix you can also use
smtpd_sender_restrictions = permit_mynetworks check_sender_access...
and then make an access table to block your domain, which will have the
effect of blocking (550) any one who tries to send mail from outside of your
network with a MAIL FROM 'your domain'. I suspect you can do something
similar with outher MTAs but others will have to comment ;-)

Your choice will depend on if you have remote users who send through your
servers and if you have other server outside of your network so might send
mail on your domain's behalf (Hosted web server for example).

HTH

Drew


--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

------------------------ MailScanner list ------------------------ To
unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and the
archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list