Reject or tag email signed with @mydomain.com
Matt Kettler
mkettler at EVI-INC.COM
Wed Jul 13 16:32:24 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Hancock, Scott wrote:
> Greetings,
>
> I'm trying to figure out a way to reject all mail signed with my domain.
> I know the only IP addresses that should be allowed to use @mydomain.com
> in the sender so all others can be rejected.
>
> Exim 4.52 - an ACL operates on the envelope sender. Not what I want
> right?
Right, although you could get some value from checking the envelope sender. It
wouldn't be a comprehensive solution, but it would be a start. (A lot of forged
messages have the envelope sender matching the From: header, such as most of the
viruses that forge mail from "webmaster at mydomain.com")
>
> SA 3.0 - will look at the header. Do I write a custom rule?
You could, it would have to be a group of 3 rules, 1 checks the received to see
if it's your domain, 1 checks the from to see if it is your domain, and a meta
rule that fires if the from matches but received doesn't.
>
> MS 4.41 - With a custom rule in place do I whitelist my IP's here?
>
> SPF - I haven't looked into this yet. Should I start here?
SPF would work very well for this. Forgery detection is really what SPF is
designed to do.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list