Re: [exim] Way to Prevent Spoofed Internal Addresses?

Top Page
Delete this message
Reply to this message
Author: .|MoNK|Cucumber .
Date:  
To: exim-users
Subject: Re: [exim] Way to Prevent Spoofed Internal Addresses?
We run an internal mail server and a perimiter mail relay (that receives
inbound mails and forwards to internal mail server).

What we did is create a blacklist on the perimiter mail relay for anything
from *@localdomain




>From: Paul Johnson <baloo@???>
>To: exim-users@???
>Subject: Re: [exim] Way to Prevent Spoofed Internal Addresses?
>Date: Sat, 25 Jun 2005 17:45:35 -0700
>MIME-Version: 1.0
>Received: from sesame.csx.cam.ac.uk ([131.111.8.41]) by mc1-f27.hotmail.com
>with Microsoft SMTPSVC(6.0.3790.211); Sat, 25 Jun 2005 17:47:54 -0700
>Received: from [::1] (port=2341 helo=sesame.csx.cam.ac.uk)by
>sesame.csx.cam.ac.uk with esmtp (Exim 4.44)id 1DmLHd-00034m-MF; Sun, 26 Jun
>2005 01:46:01 +0100
>Received: from sccrmhc14.comcast.net ([204.127.202.59]:55560)by
>sesame.csx.cam.ac.uk with esmtp (Exim 4.44) id 1DmLHX-00034h-Iffor
>exim-users@???; Sun, 26 Jun 2005 01:45:59 +0100
>Received: from ursine.ca ([24.20.196.39]) by comcast.net (sccrmhc14) with
>ESMTPid <20050626004546014004ejahe>; Sun, 26 Jun 2005 00:45:51 +0000
>Received: from ip6-localhost ([::1]) by ursine.ca with esmtp (Exim 4.51)id
>1DmLHI-0002XL-TDfor exim-users@???; Sat, 25 Jun 2005 17:45:44 -0700
>X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPtfpLB7P/ybN8=
>Organization: Ursine
>User-Agent: KMail/1.7.2
>References: <BAY105-F389F28E5F7E17D708DEE35CDEC0@???>
>X-SA-Exim-Connect-IP: ::1
>X-SA-Exim-Mail-From: baloo@???
>X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on ursine.ca
>X-Spam-Level: X-Spam-Status: No, score=-1.6 required=5.0
>tests=ALL_TRUSTED,AWL autolearn=ham version=3.0.4
>X-SA-Exim-Version: 4.2 (built Thu, 03 Mar 2005 10:44:12 +0100)
>X-SA-Exim-Scanned: Yes (on ursine.ca)
>X-Spam-Score: -2.6 (--)
>X-BeenThere: exim-users@???
>X-Mailman-Version: 2.1.5
>Precedence: list
>List-Id: A user list for the exim MTA <exim-users.exim.org>
>List-Unsubscribe:
><http://www.exim.org/mailman/listinfo/exim-users>,<mailto:exim-users-request@exim.org?subject=unsubscribe>
>List-Archive: <http://www.exim.org/mail-archives/exim-users>
>List-Post: <mailto:exim-users@exim.org>
>List-Help: <mailto:exim-users-request@exim.org?subject=help>
>List-Subscribe:
><http://www.exim.org/mailman/listinfo/exim-users>,<mailto:exim-users-request@exim.org?subject=subscribe>
>Errors-To: exim-users-bounces+realcucumber=hotmail.com@???
>Return-Path: exim-users-bounces+realcucumber=hotmail.com@???
>X-OriginalArrivalTime: 26 Jun 2005 00:47:55.0064 (UTC)
>FILETIME=[B0827380:01C579E8]
>
>On Saturday June 25 2005 1:54 pm, .|MoNK|Cucumber . wrote:
>
> > We have this blocked inbound from the net (not allowing anything
> > from the internal domain to come in), however, people can still
> > spoof from addresses internally.
>
>How do you block it inbound from the net?
>
>--
>Paul Johnson
>Email and Instant Messenger (Jabber): baloo@???
>http://ursine.ca/~baloo/
><< attach4 >>
>--
>## List details at http://www.exim.org/mailman/listinfo/exim-users
>## Exim details at http://www.exim.org/
>## Please use the Wiki with this list - http://www.exim.org/eximwiki/