<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.12.3">
</HEAD>
<BODY>
Basically all i want to say is if the mail is from <A HREF="mailto:anyone@ourdomain">anyone@ourdomain</A> it has got to originate from our network or networks. Will RDJ do this for me ?<BR>
<BR>
<BR>
On Wed, 2007-04-18 at 06:45 -0400, am.lists wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">On 4/18/07, Sean O'Reilly <<A HREF="mailto:s.oreilly@linnovations.co.uk">s.oreilly@linnovations.co.uk</A>> wrote:</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Hi Guys,</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Am fairly new to MailScanner and would like a little help with writing a</FONT>
<FONT COLOR="#000000">> ruleset that will stop internal mail (mail coming from our domain) coming</FONT>
<FONT COLOR="#000000">> from an external address.</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> Is it possible to do something along the lines of</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> From 'our domain' !localnet no</FONT>
<FONT COLOR="#000000">></FONT>
<FONT COLOR="#000000">> or have i misunderstood how rulesets work</FONT>
<FONT COLOR="#000000">You could create a spamassassin meta rule to accomplish this. I think</FONT>
<FONT COLOR="#000000">I know why you want this but here's the kicker... any time one of your</FONT>
<FONT COLOR="#000000">users (HR departments are famous for this) use some sort of third</FONT>
<FONT COLOR="#000000">party program that sends mail, even for official purposes, will</FONT>
<FONT COLOR="#000000">sometimes violate the laws of spoofing. A typical example is the HR</FONT>
<FONT COLOR="#000000">Jobs/Recruiting application, where it sends mail as the logged-in HR</FONT>
<FONT COLOR="#000000">user. Also if you read back a few days/weeks, this was discussed here</FONT>
<FONT COLOR="#000000">as well how an HR group also used a (gasp...) e-card service that</FONT>
<FONT COLOR="#000000">spoofed the company's real email address as the from header. Also,</FONT>
<FONT COLOR="#000000">many websites that have a "send this page to a friend" functionality</FONT>
<FONT COLOR="#000000">also misbehave in this same way.</FONT>
<FONT COLOR="#000000">So in short, yes, it can be done... but step carefully. As an</FONT>
<FONT COLOR="#000000">alternative, you might find out why these are getting through your</FONT>
<FONT COLOR="#000000">filters as they are now and just tweak the ones you have. If you</FONT>
<FONT COLOR="#000000">haven't already, take a look at RDJ (Rules du Jour) and the Botnet</FONT>
<FONT COLOR="#000000">script. There are plenty of extra non-default rules there that score</FONT>
<FONT COLOR="#000000">the spoofed stuff pretty well (because they come from dial-up</FONT>
<FONT COLOR="#000000">addresses, for example).</FONT>
<FONT COLOR="#000000">Regards,</FONT>
<FONT COLOR="#000000">Angelo</FONT>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>