Anti Spoofing Ruleset

Sean O'Reilly s.oreilly at linnovations.co.uk
Wed Apr 18 11:50:02 IST 2007


Basically all I want to say is if the mail is from anyone at ourdomain it
has got to originate from our network or networks. Will RDJ do this for
me?


On Wed, 2007-04-18 at 06:45 -0400, am.lists wrote:

> On 4/18/07, Sean O'Reilly <s.oreilly at linnovations.co.uk> wrote:
> >
> >      Hi Guys,
> >
> >  Am fairly new to MailScanner and would like a little help with writing a
> > ruleset that will stop internal mail (mail coming from our domain) coming
> > from an external address.
> >
> >  Is it possible to do something along the lines of
> >
> >  From    'our domain'    !localnet    no
> >
> >  or have I misunderstood how rulesets work?
> 
> You could create a SpamAssassin meta rule to accomplish this. I think
> I know why you want this but here's the kicker... any time one of your
> users (HR departments are famous for this) uses some sort of third-party
> program that sends mail, even for official purposes, it will
> sometimes violate the laws of spoofing. A typical example is the HR
> Jobs/Recruiting application, where it sends mail as the logged-in HR
> user. Also if you read back a few days/weeks, this was discussed here
> as well how an HR group also used a (gasp...) e-card service that
> spoofed the company's real email address as the from header. Also,
> many websites that have a "send this page to a friend" functionality
> also misbehave in this same way.
> 
> So in short, yes, it can be done... but step carefully. As an
> alternative, you might find out why these are getting through your
> filters as they are now and just tweak the ones you have.  If you
> haven't already, take a look at RDJ (Rules du Jour) and the Botnet
> script. There are plenty of extra non-default rules there that score
> the spoofed stuff pretty well (because they come from dial-up
> addresses, for example).
> 
> Regards,
> Angelo
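
The policy asked about above, combined with the third-party caveat from the reply, sketched as an added example (not code from this thread, MailScanner or SpamAssassin). The domain, networks, allowlist entry and sample messages are constructed, and `client_ip` is assumed to be the connecting address recorded by your own MTA.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed values for illustration; replace with your own.
OUR_DOMAIN = "example.co.uk"
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "10.0.0.0/8")]
# External senders approved to use our domain (the HR application / e-card case).
APPROVED_EXTERNAL = [ipaddress.ip_network("198.51.100.25/32")]

def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def header_from_domain(raw_message):
    """Domain of the From: header, which is what the recipient sees."""
    msg = message_from_string(raw_message)
    return domain_of(parseaddr(msg.get("From", ""))[1])

def classify(client_ip, envelope_from, raw_message):
    """Label a message by whether it claims our domain and where it came from."""
    ip = ipaddress.ip_address(client_ip)
    claimed = {domain_of(envelope_from), header_from_domain(raw_message)}
    if OUR_DOMAIN not in claimed:
        return "not-ours"
    if any(ip in net for net in LOCAL_NETS):
        return "internal"
    if any(ip in net for net in APPROVED_EXTERNAL):
        return "approved-third-party"
    # Claims our domain but arrived from outside: score or quarantine,
    # and review hits before rejecting outright.
    return "spoof-suspect"

# Constructed sample messages: (client IP, envelope sender, raw message).
SAMPLES = [
    ("192.0.2.10", "alice@example.co.uk",
     "From: Alice <alice@example.co.uk>\nSubject: minutes\n\nhi\n"),
    ("203.0.113.7", "bounce@mailer.example.net",
     "From: Alice <ALICE@Example.co.uk>\nSubject: invoice\n\nhi\n"),
    ("198.51.100.25", "hr@example.co.uk",
     "From: HR <hr@example.co.uk>\nSubject: vacancy\n\nhi\n"),
    ("203.0.113.7", "bob@example.org",
     "From: Bob <bob@example.org>\nSubject: hello\n\nhi\n"),
]

if __name__ == "__main__":
    for ip, sender, raw in SAMPLES:
        print(ip, sender, "->", classify(ip, sender, raw))
```

Running in a log-only mode first shows which third-party senders need an allowlist entry before any message is blocked.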