Fake domains - revisiting..
Steve Campbell
campbell at cnpapers.com
Wed Mar 7 21:21:02 CET 2007
Hendrik/Dave,
----- Original Message -----
From: "Hendrik den Hartog" <hden at kcbbs.gen.nz>
To: "MailScanner discussion" <mailscanner at lists.mailscanner.info>
Sent: Wednesday, March 07, 2007 2:51 PM
Subject: Fake domains - revisiting..
> Hello
>
> We use MailScanner on our school's firewall.
>
> We have the not uncommon issue with mail entering with fake domain names, that is,
> mail pretending to come from our domain. (How on earth they glean the email names to
> use is mind boggling to me?)
>
> I've read a few historic threads RE: this, but I'm after the current recommended
> procedure to deal with this issue.
>
> Running CentOS 3.3/sendmail-8.12.11-4
>
> I've added our domain name to sendmail's access database (From:OurDomain.name.com), but
> suspect this may be a crude option to take - although it seems to work?
I would take this out and put it back to where you had it. You are already
receiving mail from your domain plus the mail from the spoofed 'your
domain'.
>
> Advice, Feedback appreciated...
You mentioned later in a post that you use webmail, through http(?). If this
is done through your http servers, then you can add this to your access
file, but only by IP, not name. You should also whitelist your MX server by
IP in MailScanner/SA, not by name. If you have an internal network, use that
for all communication between MXs, mailservers, mail hub, mail stores,
whatever you want to call them. A lot depends on how you have your network,
and mail system, set up. The more you can isolate the outside world, the
easier this all becomes to manage.
NICs and switches are all very cheap nowadays. Setting up an internal
network with multihomed servers is a snap.
HTH
Steve
>
> Cheers!
> Dave
> --
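A log check in line with the advice above to trust hosts by IP rather than by name, added here as an illustration and not part of the original thread: it scans sendmail `from=` log lines for envelope senders in your own domain that arrived from an address outside your trusted networks. The domain, the trusted networks and the log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumptions for this example: our domain and the networks our own
# webmail/MX hosts connect from (documentation address ranges).
OUR_DOMAIN = "school.example"
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "10.0.0.0/8")]

# Constructed sendmail "from=" log lines, not taken from a real system.
SAMPLE_LOG = """\
Mar  7 14:40:01 mx sendmail[2101]: l27Je1aa002101: from=<teacher@school.example>, size=1840, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=webmail.school.example [192.0.2.5]
Mar  7 14:41:17 mx sendmail[2107]: l27JfHbb002107: from=<office@school.example>, size=3312, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.77]
Mar  7 14:42:30 mx sendmail[2112]: l27JgUcc002112: from=<news@lists.example.net>, size=9120, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.net [198.51.100.20]
Mar  7 14:43:02 mx sendmail[2118]: l27Jh2dd002118: from=<head@SCHOOL.example>, size=2210, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=webmail.school.example [203.0.113.9]
"""

LINE_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): from=<?(?P<sender>[^>,\s]*)>?,"
    r".*\brelay=(?P<relay>.*)$"
)
# The bracketed address is what the connection really came from; the
# name in front of it is only what reverse DNS returned for that address.
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_trusted(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def find_spoofed(log_text):
    """Return (queue id, sender, relay IP) for own-domain senders from untrusted IPs."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        sender = m.group("sender").lower()
        if not sender.endswith("@" + OUR_DOMAIN):
            continue
        ip = IP_RE.search(m.group("relay"))
        if ip is None:  # local submission, e.g. relay=root@localhost
            continue
        if not is_trusted(ip.group(1)):
            hits.append((m.group("qid"), sender, ip.group(1)))
    return hits

if __name__ == "__main__":
    for qid, sender, ip in find_spoofed(SAMPLE_LOG):
        print(f"{qid}: {sender} via untrusted relay {ip}")
```

The last sample line carries an internal-looking relay name but an outside address, so it is flagged; matching on the name alone would have let it through.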