How to reject/detect emails claiming to be from my own domain?

Philip Parsons pparsons at techeez.com
Tue Dec 27 15:16:16 UTC 2016


So what I get from this rule is that it is checking DKIM and is fails it scores it 20 this I think will work..  Will try thanks.  anyone else doing it a different way ?

On Sat, 2016-12-24 at 09:19 +0100, Thom van der Boon wrote:
I have more or less the same problem. I have a Mailscanner server which handles all mails from external sources, any internal mail is handled on a other server (which can not be reached from the Internet). This means that I can be pretty rude to any mail claiming to be from a local domain received from an external server on the MailScanner server

I am currently testing the following setup:

I added the file domaincom.cf to /etc/mail/spamassassin with the following lines

header         __DSR_DOMAINCOM_VALID000    From =~ /\@domain.com/i
header         __DSR_DOMAINCOM_VALID001    To =~ /\@domain.com/i
ifplugin Mail::SpamAssassin::Plugin::DKIM
  meta            DSR_DOMAINCOM_VALID __DSR_DOMAINCOM_VALID000 && __DSR_DOMAINCOM_VALID001 && !DKIM_VALID
else
  meta          DSR_DOMAINCOM_VALID __DSR_DOMAINCOM_VALID000 && __DSR_DOMAINCOM_VALID001
endif
describe        DSR_DOMAINCOM_VALID No valid domain.com mail
score           DSR_DOMAINCOM_VALID 20.0

Start testing with a lower score..... :)



Met vriendelijke groet, Best regards,


Thom van der Boon
E-Mail: thom at vdb.nl



=====



Thom.H. van der Boon b.v.
Transito 4
6909 DA  Babberich
Tel.: +31 (0)88 4272727
Fax: +31 (0)88 4272789
Home Page: http://www.vdb.nl/

________________________________
Van: "Philip Parsons" <pparsons at techeez.com>
Aan: "MailScanner Discussion" <mailscanner at lists.mailscanner.info>
Verzonden: Vrijdag 23 december 2016 21:00:10
Onderwerp: How to reject/detect emails claiming to be from my own domain?

I use Mailscanner and Send mail.  We have a few instances that we are receiving spam from jack at example.com<mailto:jack at example.com> to jack at example.com<mailto:jack at example.com> and it is getting through.  I have not seemed to find and answers as to how to stop this? Anyone got an Idea.  We already have SPF setup which helps but is not fully for this situation.


Thank you.
Philip Parsons



--
This message has been scanned for viruses and
dangerous content by MailScanner<http://www.mailscanner.info/>, and is
believed to be clean.


--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner






--

Thank You
Philip Parsons
Techeez on the go
please excuse the spelling.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20161227/0d2790e7/attachment.html>


More information about the MailScanner mailing list