General
cancel
Showing results for 
Search instead for 
Did you mean: 

Sendmail Guru - how to block email if it didn't come from the domain they say they are?

SOLVED
Go to solution
Geoff Wild
Honored Contributor

Sendmail Guru - how to block email if it didn't come from the domain they say they are?

I have rules for some popular domains (27 of them):

Example:

SIsHotmail
R$* hotmail.com $* $@ OK
R$* $#error $: "550 Access Denied. Forgeries are disallowed."


SLocal_check_mail
R$* hotmail.com $* $: $>IsHotmail $&{client_name} $&{client_addr}


What that does is, if someone claims to be joespammer@hotmail.com but the server sending the email is dsl-189.someplace.mx - then it is denied.

What I would like instead of putting every possible domain in there is a generic rule that checks the email address against the ip/domain.

So if joespammer@domain1.com and joespammer@domain2.com and etc... trys to send email to me and the server they are bouncing off of doesn't belong to domain1, domain2, etc - then deny accepting it.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
5 REPLIES
Geoff Wild
Honored Contributor

Re: Sendmail Guru - how to block email if it didn't come from the domain they say they are?

Bump....
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Uday_S_Ankolekar
Honored Contributor

Re: Sendmail Guru - how to block email if it didn't come from the domain they say they are?

Geoff,

I am sure you have tried /etc/mail/access list to block antispam controls.
That's the one thing I can think of now.

-USA..
Good Luck..
Steven E. Protter
Exalted Contributor
Solution

Re: Sendmail Guru - how to block email if it didn't come from the domain they say they are?

Shalom,

There are a few sendmail hacks that can force the sending mail server to be in the same domain and even have a reverse lookup record that matches.

I use them.

http://www.cs.niu.edu/~rickert/cf/hack/require_rdns.m4

http://www.sendmail.org/~ca/email/chk-opt.html
http://patrick.vande-walle.eu/software/spam-fighting-techniques-using-sendmail/

This would all be much more manageable if you used sendmail.mc instead of directly editing sendmail.cf. You could force validation on all domains, not just 27 special domains.

Domain Name matching hacks:
http://patriot.net/~scoile/isp-redhat/sendmail/antispam

DNSVALID
http://www.sendmail.org/~ca/email/chk-opt.html

http://glennf.com/spam/sendmail.antispam.html

For me this was a painful process working it all out and making this happen.

Read through the links have some fun. I use all the mainstream hacks:

1) I will not accept mail from a server who'se A record says its moe.com if the domain of the mail is hotmail.com
1) I will not accept mail from a server who's A record says curly.com without a reverse lookup record that validates that IP address belongs to curly.com

Several tens of thousands of mails are never accepted because of these rules.

I can give you anything you need to make this work on your system.

I have been trying for hours to post this because its important.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
whiteknight
Honored Contributor

Re: Sendmail Guru - how to block email if it didn't come from the domain they say they are?


Hi Geoff,

See the antispamming doc from itrc.

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01002231-1


Hope to give you some idea.

WK

Problem never ends, you must know how to fix it
Ivan Krastev
Honored Contributor

Re: Sendmail Guru - how to block email if it didn't come from the domain they say they are?

Another option is to implement SPF - http://www.openspf.org/Implementations


regards,
ivan