Re: [Exim] Preventing forged From: headers (exim 3.36)

Top Pagina
Delete this message
Reply to this message
Auteur: Robert Lister
Datum:  
Aan: David L. Harfst
CC: Exim Users
Onderwerp: Re: [Exim] Preventing forged From: headers (exim 3.36)
On Thu, Jul 11, 2002 at 04:14:56PM -0500, David L. Harfst wrote:
> Robert Lister wrote:
> >
> > No users should send "from" my domain unless they were on a client from an
> > IP address authorized to do so, inside this network. period.
> >
> > If they're outside my network, they shouldn't be sending me e-mail with my
> > own domain in the "From:" headers. I want a filter to pick this up and
> > throw it away (not reject it, but discard it, as the sender/From: header
> > is of course forged, and so the bounce message goes to the list, usually
> > quoting the spam.)
> >
>
> How about this:
>
> I've got users who travel. They have a corporate email
> account, but access is provided by an ISP, so their email
> does not come from the corporate LAN, but they use their
> corporate email address as their "From:".


We have roaming users. All of our users come in from IP addresses we know
about because they SSH or VPN in to our network. Therefore, I don't want
any mail claiming to be "From: " us because of the mailing list problem
where our domains are on a whitelist which sends e-mail "From:" our domain
to the mailing list.

Most users have SSH. Their e-mail profile (if they insist on using Outlook
or a Windows e-mail client!) is set to send and receive mail from
"localhost" which goes down the SSH tunnel for ports 25 and pop/imap.

If they've not logged on to the server with the SSH client, it won't work,
so they've got to do it. This has the added benefit of encrypting
everything, including our POP passwords etc, down the SSH tunnel, rather
than sending it over an untrusted network in the clear.

Consider a spam like this:

From: mailinglist@???
To: mailinglist@???
Subject: spam....

Because mydomain.com is on the whitelist of allowed domains, it
will cause that spam to get sent to the mailing list.

It is not as easy as I thought it was going to be!

Rob


--
Robert Lister    -        robl@???    -    http://www.lentil.org
                                                  tel: 07973-815198