Blocking emails that claim to come from our domain

Erick Perez eaperezh at GMAIL.COM
Wed Dec 7 04:34:09 GMT 2005



What about MS and Postfix?
Where do I implement that?


On 12/4/05, Jim Holland <mailscanner at mango.zw> wrote:
      Hi

      On Sun, 4 Dec 2005, Nigel kendrick wrote:

      > We are seeing a steady stream of emails from
      > adsl-70-248-164-89.dsl.hstntx.swbell.net[70.248.164.89] that claim to come
      > from an address in our domain (i.e.: admin at ourdomainname.com ) and contain
      > the usual stuff about verifying passwords, mail accounts being suspended
      > etc. All legitimate users have to login to send mail so what's the most
      > effective and simple way to block mail from external sources that contain
      > our domain name? At the moment I am just putting the subjects in a
      > spamassassin rule but it's a bit of a 'blunt' way of trapping them.

      I also used a pretty blunt method as well, noticing that the addresses
      involved were:

      administrator at yourdomain
      admin at yourdomain
      adm at yourdomain
      apache at yourdomain
      ftp at yourdomain
      hostmaster at yourdomain
      ident at yourdomain
      info at yourdomain
      mail at yourdomain
      noreply at yourdomain
      operator at yourdomain
      register at yourdomain
      service at yourdomain
      staff at yourdomain
      subs at yourdomain
      support at yourdomain
      system at yourdomain
      update at yourdomain
      validation at yourdomain
      webmaster at yourdomain

      As none of the above addresses were being used for outgoing mail, I just
      put lines such as the following for each of the addresses in the sendmail
      access file:

      From:admin@mydomain     550 Blocking spoofed address admin@mydomain

      I also found a problem with numerous bounces to such addresses, so put in
      lines such as the following:

      To:admin@mydomain       550 This address is no longer valid - please write to postmaster instead

      It was quick and dirty but stopped large numbers of problem messages.

      More elegant solutions will be found in the archives.

      Regards

      Jim Holland
      System Administrator
      MANGO - Zimbabwe's non-profit e-mail service

      ------------------------ MailScanner list ------------------------
      To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
      'leave mailscanner' in the body of the email.
      Before posting, read the Wiki (http://wiki.mailscanner.info/)
      and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

      Support MailScanner development - buy the book off the website!




--

-------------------------------------------
Erick Perez
Linux User 376588
http://counter.li.org/  (Get counted!!!)
Panama, Republic of Panama
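
The sendmail access entries described in the quoted message, generated from its address list, with a Postfix sender-map form for the question at the top. This is an added example, not part of either message; the function name gen_access, the file paths in the comments and the Postfix map layout are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). gen_access and the paths in these
# comments are assumptions; "mydomain" is the placeholder used in the message.
#
# sendmail: append output to /etc/mail/access, then
#           makemap hash /etc/mail/access < /etc/mail/access
# postfix:  write output to /etc/postfix/sender_access, run postmap on it, and
#           reference it from main.cf:
#           smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access

# Local parts from the list in the quoted message.
ROLE_LOCALPARTS="administrator admin adm apache ftp hostmaster ident info mail
noreply operator register service staff subs support system update validation
webmaster"

# gen_access FORMAT DOMAIN [localpart...]   FORMAT is sendmail or postfix
gen_access() {
    [ $# -ge 2 ] || { echo "usage: gen_access sendmail|postfix domain [localpart...]" >&2; return 1; }
    fmt=$1; domain=$2; shift 2
    [ $# -gt 0 ] || set -- $ROLE_LOCALPARTS
    case $fmt in sendmail|postfix) ;; *) echo "unknown format: $fmt" >&2; return 1 ;; esac
    case $domain in ''|*[!A-Za-z0-9.-]*) echo "bad domain: $domain" >&2; return 1 ;; esac
    # Validate every entry before printing so a bad one never yields a partial map.
    for lp in "$@"; do
        case $lp in
            # The reject text points senders at postmaster, so it must stay reachable.
            postmaster) echo "refusing to block postmaster" >&2; return 1 ;;
            ''|*[!A-Za-z0-9._+-]*) echo "bad local part: $lp" >&2; return 1 ;;
        esac
    done
    for lp in "$@"; do
        addr="$lp@$domain"
        if [ "$fmt" = sendmail ]; then
            # From: matches the envelope sender, To: the envelope recipient.
            printf 'From:%s\t550 Blocking spoofed address %s\n' "$addr" "$addr"
            printf 'To:%s\t550 This address is no longer valid - please write to postmaster instead\n' "$addr"
        else
            # Postfix access(5) sender map: bare address as key, 5xx code plus text.
            printf '%s\t550 Blocking spoofed address %s\n' "$addr" "$addr"
        fi
    done
}
```

These entries reject the listed senders whatever the source, local users included, so only list addresses that never send mail, as in the quoted message.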
