Q: Reject mail if from is an invalid local email address (Sendmail) ( No Answer,   0 Comments )
Question  
Subject: Reject mail if from is an invalid local email address (Sendmail)
Category: Computers > Internet
Asked by: 3dlover-ga
List Price: $20.00
Posted: 25 Apr 2005 21:57 PDT
Expires: 25 May 2005 21:57 PDT
Question ID: 514252
How can I configure sendmail so that, if an incoming email includes a
FROM address in which the domain is listed in the Local Domains (Cw)
list and the user does not exist (and is not an alias), sendmail should
reject the email.

I get a lot of spam sent to my domain(s) (and SpamAssassin catches a lot
of it) but there is a considerable amount of spam in which the FROM is
faked so that it appears as though a local user has sent the message. 
I would think that it would be trivial for Sendmail, at the SMTP
level, to detect that a FROM address is listed as one of the Local
Domains, and then to do a check on the user name.  If there are no
mail accounts (or aliases) that match the user name, don't accept the
message.  It sounds simple but I have not found the answer myself.

I would want a Sendmail M4 Configuration string.

Request for Question Clarification by webadept-ga on 25 Apr 2005 22:30 PDT
The reason you haven't found this is because Sendmail doesn't do it
very well. The tool you are looking for is Procmail if you are a
Sendmail person running a Unix/Linux type box. With Procmail it is
trivial. Since you have SpamAssassin running, you probably have
procmail set up for filtering already, just need the string in there.

http://www.procmail.org/

webadept-ga

Clarification of Question by 3dlover-ga on 25 Apr 2005 23:32 PDT
This is on a Fedora Core 3 system, and yes I do have Procmail.  The
one problem I see with procmail is that by the time it reaches the
Procmail phase, the sendmail has completed the SMTP connection and has
accepted the email into its queue.  I'd prefer a way that sends an
SMTP rejection code and halts the transmission. (saving bandwidth and
CPU/IO time)

But if this is not possible I would consider a procmail solution.  I
don't want a solution in which I would need to edit every user's
.procmail file.  Is there a procmail file that's run before the user's
procmail script is called?  Even better, is there a point in delivery
where I can do a procmail script before the message is sent to
individual users?  Most of these faked FROM messages are sent TO 5-20
users (using random 'dictionary' lookup names).  I'd rather kill a
message like this once than 20 times.

If Procmail is the only route and there is a global procmail script, I
would want a procmail rule that can check the FROM address against the
Local Domains, and if it matches it would then check the user name
against all deliverable addresses (unix user accounts, aliases,
virtusers (Address Mappings), etc.).  Since this rule would
potentially delete any mail originating from my site, I need to make
sure that the FROM address is truly spoofed and is not deliverable.
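
The check described in this clarification, sketched as the decision a milter or policy hook could make at the MAIL FROM stage. This is an added example, not part of the original thread: the sample tables are constructed, the function names are hypothetical, and wiring the check into Sendmail is not shown.

```python
# Constructed sample data in the usual formats of the files named in the comments.
LOCAL_HOST_NAMES = "example.com\nmail.example.com\n"   # /etc/mail/local-host-names (class w)
PASSWD = "root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/bash\n"
ALIASES = "# constructed\npostmaster: root\nsales: alice, bob@elsewhere.test\n"
VIRTUSERTABLE = "info@example.com\talice\n@mail.example.com\talice\n"

def _lines(text):
    """Yield non-empty, non-comment lines with surrounding whitespace removed."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def load_tables(hosts, passwd, aliases, virtusers):
    """Build lookup sets: local domains, account/alias names, virtusertable keys."""
    domains = {l.lower() for l in _lines(hosts)}
    names = {l.split(":", 1)[0].lower() for l in _lines(passwd)}
    # Assumes one alias per line; continuation lines without ':' are skipped.
    names |= {l.split(":", 1)[0].strip().lower() for l in _lines(aliases) if ":" in l}
    virt = {l.split()[0].lower() for l in _lines(virtusers)}
    return domains, names, virt

def check_mail_from(sender, tables):
    """Return the SMTP reply for an envelope sender (the MAIL FROM argument)."""
    domains, names, virt = tables
    ok = "250 2.1.0 Sender ok"
    addr = sender.strip().strip("<>").lower()
    if not addr:                       # null sender <> carries bounces; never reject it
        return ok
    local, sep, domain = addr.rpartition("@")
    if not sep or domain not in domains:
        return ok                      # sender does not claim one of our domains
    local = local.split("+", 1)[0]     # ignore +detail when looking up the user
    deliverable = (
        f"{local}@{domain}" in virt    # exact virtusertable entry
        or f"@{domain}" in virt        # catch-all entry for the whole domain
        or local in names              # unix account or alias
    )
    if deliverable:
        return ok
    return "550 5.1.0 Sender address rejected: no such local user"
```

Only the envelope sender is examined here; a forged `From:` header with a different envelope sender would need a separate check after DATA.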

Request for Question Clarification by webadept-ga on 26 Apr 2005 07:24 PDT
You should have a procmail file under /etc .. that is the main one.
All mail is sent through that and is keyed into SpamAssassin from
there (if memory serves). So you wouldn't change the users
/home/username/.procmail files at all, and they would never know it
happened. The trouble with procmail is that it is fire-and-forget ...
meaning that I set up my server a year or so ago and haven't had to
look at that area again. :-) which I'm not complaining about at all.

Procmail is your tool for this however. When you get into rule sets
like you are describing, it is best to use the right tool, rather than
trying to force something not designed to do it, into performing that
way.

I'll do some reading on it, but we also have other researchers who are
just as up as I am on these things, so don't be surprised if one of
them gives you the lines you need with instructions.

Just a note though from years of experience with system
administration; it is always better to have a testing server you can
poke at for a few days, rather than setting loose even the simplest
change to a mission critical area.

webadept-ga
Answer  
There is no answer at this time.

Comments  
There are no comments at this time.
