HPE Community
Operating System - HP-UX
1823119 Members
3324 Online
109646 Solutions
New Discussion юеВ

Sendmail Guru - how to block email if it didn't come from the domain they say they are?

 
SOLVED
Go to solution
Geoff Wild
Honored Contributor

тАО08-01-2007 01:03 AM

тАО08-01-2007 01:03 AM

Sendmail Guru - how to block email if it didn't come from the domain they say they are?

I have rules for some popular domains (27 of them):

Example:

SIsHotmail
R$* hotmail.com $* $@ OK
R$* $#error $: "550 Access Denied. Forgeries are disallowed."


SLocal_check_mail
R$* hotmail.com $* $: $>IsHotmail $&{client_name} $&{client_addr}


What that does is, if someone claims to be joespammer@hotmail.com but the server sending the email is dsl-189.someplace.mx - then it is denied.

What I would like instead of putting every possible domain in there is a generic rule that checks the email address against the ip/domain.

So if joespammer@domain1.com and joespammer@domain2.com and etc... trys to send email to me and the server they are bouncing off of doesn't belong to domain1, domain2, etc - then deny accepting it.

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
5 REPLIES 5
Geoff Wild
Honored Contributor

тАО08-14-2007 03:03 AM

тАО08-14-2007 03:03 AM

Re: Sendmail Guru - how to block email if it didn't come from the domain they say they are?

Bump....
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Uday_S_Ankolekar
Honored Contributor

тАО08-14-2007 05:13 AM

тАО08-14-2007 05:13 AM

Re: Sendmail Guru - how to block email if it didn't come from the domain they say they are?

Geoff,

I am sure you have tried /etc/mail/access list to block antispam controls.
That's the one thing I can think of now.

-USA..
Good Luck..
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО08-14-2007 09:58 AM

тАО08-14-2007 09:58 AM

Solution

Re: Sendmail Guru - how to block email if it didn't come from the domain they say they are?

Shalom,

There are a few sendmail hacks that can force the sending mail server to be in the same domain and even have a reverse lookup record that matches.

I use them.

http://www.cs.niu.edu/~rickert/cf/hack/require_rdns.m4

http://www.sendmail.org/~ca/email/chk-opt.html
http://patrick.vande-walle.eu/software/spam-fighting-techniques-using-sendmail/

This would all be much more manageable if you used sendmail.mc instead of directly editing sendmail.cf. You could force validation on all domains, not just 27 special domains.

Domain Name matching hacks:
http://patriot.net/~scoile/isp-redhat/sendmail/antispam

DNSVALID
http://www.sendmail.org/~ca/email/chk-opt.html

http://glennf.com/spam/sendmail.antispam.html

For me this was a painful process working it all out and making this happen.

Read through the links have some fun. I use all the mainstream hacks:

1) I will not accept mail from a server who'se A record says its moe.com if the domain of the mail is hotmail.com
1) I will not accept mail from a server who's A record says curly.com without a reverse lookup record that validates that IP address belongs to curly.com

Several tens of thousands of mails are never accepted because of these rules.

I can give you anything you need to make this work on your system.

I have been trying for hours to post this because its important.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
whiteknight
Honored Contributor

тАО08-14-2007 09:38 PM

тАО08-14-2007 09:38 PM

Re: Sendmail Guru - how to block email if it didn't come from the domain they say they are?


Hi Geoff,

See the antispamming doc from itrc.

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en&docId=emr_na-c01002231-1


Hope to give you some idea.

WK

Problem never ends, you must know how to fix it
0 Kudos
Reply
Ivan Krastev
Honored Contributor

тАО08-14-2007 10:38 PM

тАО08-14-2007 10:38 PM

Re: Sendmail Guru - how to block email if it didn't come from the domain they say they are?

Another option is to implement SPF - http://www.openspf.org/Implementations


regards,
ivan
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.