Matching domain to sender.

David Curtis DCurtis at SBSCHOOLS.NET
Wed Feb 2 15:35:30 GMT 2005


Once I started diving into the Postfix settings I realized that what I
wanted was not simple and as you stated I now understand why it is not
so simple.

Thanks for the help.

>>> t.d.lee at DURHAM.AC.UK 2/2/2005 10:12:21 AM >>>
On Wed, 2 Feb 2005, David Curtis wrote:

> I have not seen this setting and thing that it might prevent a ton
of
> spam. I may be wrong. Just your normal System Adin...no super human
> traits.
>
> Can you run some rule to check the senders ip and or domain name and
> match that to the mail from address?
>
> Thanks for any comments.

It may not be as straightforward as it seems on the surface.

Who is the "sender", what is the domain name?

Example: let's imagine a legitimate mail list to which you and I might
both belong.  I, "me at mydom.com", send a message to it,
"list at listdom.com",
hosted on machines at an ISP/university/etc. "ISP.com".  You receive
this
mail.  But who has been the "sender" from your perspective?

o  The visible "From:" contains my "mydom.com": but that is several
    steps away from the transaction at your site;
o  The SMTP machine (probably the list expander) pushing it to you is
    "something.ISP.com", which bears no direct relation to me (email
    originator) as "sender";
o  The envelope "From" contains "owner-list at listdom.com", which
doesn't
    directly trace back to the "ISP.com" DNS names and addresses;
o  The visible "To:" contains "listdom.com" (which, as a text string,
    bears no direct relation to your site).

So your "check the senders ip and or domain name and match that to the
mail from address" becomes non-trivial.

Note that an emerging technology, SPF, is designed to help to address
the
email forgery aspects of the problem if, and as, it gains wider
acceptance
and use.  Indeed, SpamAssassin 3.x is beginning to take account of it.
By its very nature, it needs time to ramp up.  (It has a few "no pain,
no
gain" implications, but that's part of life in these spam-riddled
days,
and no-one has yet come up with a better, and even more widely
acceptable,
compromise.)

Hope taht helps.


--

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!







This email may contain information protected under the Family
Educational Rights and Privacy Act (FERPA) or the Health Insurance
Portability and Accountability Act (HIPAA).  If this email contains
confidential and/or privileged health or student information and you
are not entitled to access such information under FERPA or HIPAA,
federal regulations require that you destroy this email without
reviewing it and you may not forward it to anyone.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list