Blocking emails that claim to come from our domain

Steve Campbell campbell at CNPAPERS.COM
Wed Dec 7 22:08:35 GMT 2005

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Obviously, blocking at the MTA would be so much better than most solutions 
in MS/SA. Depending on how the IPs for your mailbox servers, gateways, and 
email senders are set up, you might use a simple combination rule such as 
the following:

From:    XX.YY.ZZ and From: *@your.domain     yes

in your whitelist rules.

If you have a block of IPs, you can use the above type of designation. If 
you have varied IPs that aren't consecutive, you will need more rules, and 
if you have multiple gateways sending to mailbox servers, each will need a 
slightly different IP designation rule.

This only works if you know which IPs will be sending for your domain. It is 
up to the rest of your MS/SA configuration to block the other trash, as this 
will have to test the other stuff claiming to be your domain's mail through 
normal checking. In other words mail not coming from your IPs but claiming 
to be from your domain is reduced to just normal MS/SA checked mail.

You can't just whitelist your domain by domain name, and you can't guarantee 
that mail from one of your gateway IPs started from that gateway, so you 
have to block this at each entry point mail can enter your email system.

Might not be the best solution, but it works pretty well here as our IPs are 
all controlled to some degree.

Steve Campbell
campbell at
Charleston Newspapers

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list