thks for the mailscanner tool
Alex Neuman van der Hans
alex at nkpanama.com
Fri Dec 1 14:26:29 GMT 2006
Sender spoofing within the message is something very difficult to stop
because proper authentication wasn't part of the original e-mail
specification everybody uses. You can always make it easier to spot by
adding information to the header.
If you're using sendmail, you can always turn on REC_FULL_AUTH so you
can see WHO authenticated and sent the e-mail.
I usually find the file at /usr/share/sendmail-cf/m4 called cfhead.m4,
where there's a line that says:
and change it so it says:
The difference is "REC_AUTH" inserts "authenticated user" on the
message's headers, but REC_FULL_AUTH inserts "authenticated user XXXX".
You can check my own headers to see the difference.
You can always add
"Envelope From Header = X-%org-name%-MailScanner-From:"
...but I suspect that would also be vulnerable to spoofing.
Other methods could include using MCP with rulesets so that:
Is Definitely MCP = %mcp-dir%/mcp.rules
From: alice at mydomain and From:192.168.1.3 no
From: bob at mydomain and From:192.168.1.4 no
FromOrTo: default yes
This way (I suspect, I don't use MCP *that* much, so check first)
"spoofed" e-mail will be dealt with using MCP.
This wouldn't be invulnerable, however, to IP address hijacking. *That*
could be issued using a switch smart enough to care about IPs-to-MAC
addresses, or by using ARP tricks at your sendmail box so that IP-to-MAC
However, some NIC drivers allow you to spoof the MAC (and you can
trivially do it in operating systems other than Windows.
vinay poojary wrote:
> Dear Sir,
> It does not requires any username / password for the auth .The user can
> use his own username / password and only change the email address in the
> email client .So to stop email spoofing in u r own organistaion is
> difficult .
> can we have any option for email spoofing in mailscanner .
> vinay poojary
> */Dhawal Doshy <dhawal at netmagicsolutions.com>/* wrote:
> Martin Hepworth wrote:
> > vinay poojary wrote:
> >> Dear Sir,
> >> I am using mailscanner with sendmail.The sendmail is installed with
> >> smtp-auth .I have no such problems with mailscanner .I am just
> >> enjoying the mailscanner configuration .
> >> But presently i am facing the problem of addres spoofing .The
> >> in my own company can change the from address and send mail to
> >> via smtp auth .Is there any way i could stop these address
> spoofing .
> >> Thks in advance .
> >> Regards,
> >> vinay poojary
> > Vinay
> > 1st point of call on this is a proper Acceptable Use Policy. If
> they use
> > business computers for non-work things, they go the normal
> > procedures, or even straight to dismissal under gross misconduct.
> > under estimate the power of HR policy!).
> i agree that this can taken up at a different level (read as
> catbert), i
> also think that poor passwords are also responsible for sender
> We had a case a year back, where a "secure" SMTP server was used for
> (via a korean IP), using authentication that was quite easy to guess
> (password = username). Now we now enforce stricter passwords ;-)
> - dhawal
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> Before posting, read http://wiki.mailscanner.info/posting
> Support MailScanner development - buy the book off the website!
> Find out what India is talking about on - Yahoo! Answers India
> Send FREE SMS to your friend's mobile from Yahoo! Messenger Version 8.
> Get it NOW
More information about the MailScanner