Implement Access Control List With MailScanner??? {Scanned}

Scott Silva ssilva at SGVWATER.COM
Thu Jul 1 22:59:33 IST 2004 

But if the mail pretends to come from one of his users, but is actually
coming from outside,
then IP based relay checks are exactly what he needs.
If it is coming from an outside source, with an internal from address, it is
still a relay attempt.
But if you used domain based relay checks, then these messages would get
through.
I stop 50 to 100 attemps at this very thing every day. Many are attemps to
relay by skipping the MX priorities,
and making messages look like they came from our other server.

| Don't think he is looking for relaying restrictions.
| He is trying to prevent mail that says it's from his users that is
| destined for other users of his.
|
| So let's say a message comes in from the outside that is for
| joe at mydomain.com and it says its from jill at mydomain.com
| It didn't originate from my mail server yet it says its from one of my
| users.
|
|
|
| Rob V
|
| -----Original Message-----
| From: MailScanner mailing list [mailto:MAILSCANNER at JISCMAIL.AC.UK] On
| Behalf Of Scott Silva
| Sent: Thursday, July 01, 2004 5:30 PM
| To: MAILSCANNER at JISCMAIL.AC.UK
| Subject: Re: Implement Access Control List With MailScanner??? {Scanned}
|
| | Hello all,
| |     I've been doing some serious googling over the 2-3 days about how
| to
| | implement a type of ACL (access control list) for Sendmail which would
| help
| | in preventing the spoofing of my domain to my users. The only thing I
| can
| | find are rulesets which are inserted direclty into the sendmail.cf,
| which
| is
| | something that I really want to avoid. I was hoping MailScanner would
| allow
| | me to do this. Here is my setup:
| |
| |  Kernel Version    2.4.22-1.2194.nptlsmp
| | SendMail RPM Version    sendmail-8.12.10-1.1.1
| | Procmail RPM Version    procmail-3.22-11
| | MailScanner RPM Version    mailscanner-4.30.2-1
| |
| | If an email arrives at my mail server with the from header as
| user at mydomain,
| | I need to further look at the message to see if the message originated
| from
| | one of the subnets for which I relay. If it did, I'll accept it. If it
| | didn't, I'll discard it. If anyone knows of a Sendmail m4 rule for
| this,
| | please point me in the right direction and accept my apologies for
| being
| on
| | the wrong list. :) Otherwise, if MailScanner can already do this or if
| | someone has already written a custom function for this, please point
| me in
| | the right direction.
|
| http://www.sendmail.org/m4/anti_spam.html
| particularly the section;
| FEATURE(`relay_mail_from')
|
| put the IP addresses of the subnets you relay in the access file.
| Don't put the domains in as they are easy to fake. I was caught here
| and it is easy to do and a little harder to find out why sooo much
| junk gets through.
|
| If you relay for the network 11.22.33.0 then you would have;
| 11.22.33.0   RELAY
| in /etc/mail/access
|
| Also read this;
| http://www.sendmail.org/tips/relaying.html
|
|
| --
| This message has been scanned for viruses and
| dangerous content by MailScanner, and is
| believed to be clean.
|
| -------------------------- MailScanner list ----------------------
| To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
| Before posting, please see the Most Asked Questions at
| http://www.mailscanner.biz/maq/     and the archives at
| http://www.jiscmail.ac.uk/lists/mailscanner.html
|
| -------------------------- MailScanner list ----------------------
| To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
| Before posting, please see the Most Asked Questions at
| http://www.mailscanner.biz/maq/     and the archives at
| http://www.jiscmail.ac.uk/lists/mailscanner.html
|
| --
| This message has been scanned for viruses and
| dangerous content by MailScanner, and is
| believed to be clean.
|
|


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list