Blocking from my own forged domain (smtp+spf)

William Burns William.Burns at AEROFLEX.COM
Tue May 4 23:40:37 IST 2004


John Breeden wrote:

> I'm assuming that cnpapers.net is your domain. If so you might want to
> check out smtp+spf at http://spf.pobox.com/
>
John:

That (SPF) sounds like the best general solution to me.

> Stephe Campbell wrote:
>
>> Any solid solutions or ideas would be appreciated, as well as any
>> failings
>> of this idea of IP blocking being brought forth and pointed out to me
>>

But...
Stephe:

The downside is that some companies will have home users and/or
road-warrior types.

The home user could have his mail browser configured to use the SMTP
server of his ISP. (otherwise, "said" company has to deal w/ relaying
for random users on the internet)
If the home user also has his "From: " address set to the company e-mail
address, then you've got to find out what SMTP server he's using, and
add that to your SPF config.
If you've got a couple "smart" home users, who might configure their own
e-mail settings, or switch between ISPs, then you have to worry about
their SMTP servers changing to something that's not on your SPF list and
accidentally bouncing their mail.

Richard Brown wrote:

>I've not used the IPBlock myself, but I believe from the discussion when it
>was first implemented it will create an access map for sendmail that blocks
>persistent senders of spam/viruses from delivering the mail to sendmail.
>
It does?
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/234.html
Wow. It does!

Now... There's gotta be a way to combine this w/ the greylist solution...
IPBlock addresses that have lots of hits on the greylist. Yea....

-Bill

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html



More information about the MailScanner mailing list