Fake domains - revisiting..

Steve Campbell campbell at cnpapers.com
Wed Mar 7 21:21:02 CET 2007


Hendrik/Dave,

----- Original Message ----- 
From: "Hendrik den Hartog" <hden at kcbbs.gen.nz>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Wednesday, March 07, 2007 2:51 PM
Subject: Fake domains - revisiting..


> Hello
>
> We use MailScanner on our school's firewall.
>
> We have the not uncommon issue with mail entering with fake domain names, that is,
> mail pretending to come from our domain. (How on earth they glean the email names to
> use is mind boggling to me?)
>
>
> I've read a few historic threads RE: this, but I'm after the current recommended
> procedure to deal with this issue.
>
> Running CentOS 3.3/sendmail-8.12.11-4
>
> I've added our domain name to sendmail's access database (From:OurDomain.name.com), but
> suspect this may be a crude option to take - although it seems to work?

I would take this out and put it back to where you had it. You are already 
receiving mail from your domain plus the mail from the spoofed 'your 
domain'.
>
> Advice, Feedback appreciated...

You mentioned later in a post that you use webmail, through http(?). If this 
is done through your http servers, then you can add this to your access 
file, but only by IP, not name. You should also whitelist your MX server by 
IP in MailScanner/SA, not by name. If you have an internal network, use that 
for all communication between MXs, mailservers, mail hub, mail stores, 
whatever you want to call them. A lot depends on how you have your network, 
and mail system, set up. The more you can isolate the outside world, the 
easier this all becomes to manage.

NICs and switches are all very cheap nowadays. Setting up an internal 
network with multihomed servers is a snap.

HTH

Steve

>
> Cheers!
> Dave
> -- 
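
Added example, not part of the original messages: a small checker for a sendmail access file that applies the "by IP, not name" advice in the reply above. The sample entries and the example.org names are constructed, and treating every name-keyed OK/RELAY entry as a finding is this example's own assumption.

```python
import re

ALLOW = {"OK", "RELAY"}  # actions that let mail in or through
# sendmail matches IPv4 keys on octet boundaries, so "10.1.2" is a prefix key
IPV4_PREFIX = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}$")

# Constructed sample access file (not taken from the thread)
SAMPLE = """\
# constructed sample entries
Connect:192.168.10.25        RELAY
Connect:webmail.example.org  RELAY
From:example.org             OK
10.1.2                       RELAY
To:example.org               RELAY
From:spammer.example         REJECT
example.org                  OK
"""

def is_ip_key(key):
    """True for an IPv4 address/prefix or an IPv6: literal."""
    if key.lower().startswith("ipv6:"):
        return True
    return bool(IPV4_PREFIX.match(key)) and all(int(o) <= 255 for o in key.split("."))

def audit_access(text):
    """Return (line_no, key, reason) for allow entries that trust a name."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[1].strip().upper() not in ALLOW:
            continue  # REJECT/DISCARD/ERROR entries are not allow decisions
        lhs = parts[0]
        tag, sep, key = lhs.partition(":")
        if not sep or tag.lower() not in ("connect", "from", "to"):
            tag, key = "", lhs  # untagged key, or a bare IPv6: literal
        tag = tag.lower()
        if tag == "to":
            continue  # recipient-domain entry, says nothing about the client
        if tag == "from":
            findings.append((no, lhs, "envelope sender is supplied by the client"))
        elif not is_ip_key(key):
            findings.append((no, lhs, "keyed by name, not by IP"))
    return findings

if __name__ == "__main__":
    for finding in audit_access(SAMPLE):
        print("line %d: %s (%s)" % finding)
```
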



