Anti Spoofing Ruleset

Sean O'Reilly s.oreilly at
Wed Apr 18 11:50:02 IST 2007

Basically all i want to say is if the mail is from anyone at ourdomain it
has got to originate from our network or networks. Will RDJ do this for
me ?

On Wed, 2007-04-18 at 06:45 -0400, am.lists wrote:

> On 4/18/07, Sean O'Reilly <s.oreilly at> wrote:
> >
> >      Hi Guys,
> >
> >  Am fairly new to MailScanner and would like a little help with writing a
> > ruleset that will stop internal mail (mail coming from our domain) coming
> > from an external address.
> >
> >  Is it possible to do something along the lines of
> >
> >  From    'our domain'    !localnet    no
> >
> >  or have i misunderstood how rulesets work
> You could create a spamassassin meta rule to accomplish this. I think
> I know why you want this but here's the kicker... any time one of your
> users (HR departments are famous for this) use some sort of third
> party program that sends mail, even for official purposes, will
> sometimes violate the laws of spoofing. A typical example is the HR
> Jobs/Recruiting application, where it sends mail as the logged-in HR
> user. Also if you read back a few days/weeks, this was discussed here
> as well how an HR group also used a (gasp...) e-card service that
> spoofed the company's real email address as the from header. Also,
> many websites that have a "send this page to a friend" functionality
> also misbehave in this same way.
> So in short, yes, it can be done... but step carefully. As an
> alternative, you might find out why these are getting through your
> filters as they are now and just tweak the ones you have.  If you
> haven't already, take a look at RDJ (Rules du Jour) and the Botnet
> script. There are plenty of extra non-default rules there that score
> the spoofed stuff pretty well (because they come from dial-up
> addresses, for example).
> Regards,
> Angelo
-------------- next part --------------
An HTML attachment was scrubbed...

More information about the MailScanner mailing list