
Spotting forged email with MTAs


Posted Aug 21, 2003 13:06 UTC (Thu) by dps (subscriber, #5725)
In reply to: On the value of virus notifications by zmi
Parent article: On the value of virus notifications

> The REAL problem is that it is still possible for any virus/worm/software
> to actually forge the sender. The mail software (MUA/MTA) should include
> prevention against this (e.g. users sending over @mydomain.isp should only
> be able to send as <userpart>@mydomain.isp, and not as anybody else).

Implementing this is not really feasible unless you have separate mail servers for mail coming in and going out, which is very rare. I know of perhaps one very large ISP with such a system... so filtering MAIL FROM: to insist on something local is not possible.

It might just be possible if you check the source IP in your check_mail ruleset, but I doubt it is worth the aggro generated when the first few iterations are <100% correct. Until a reliable "cookbook" version of this is available I doubt many people will implement this.

You can, and I have, implement a rule that stops the mail if neither the sender nor the recipient is local. My version of this is based on sendmail's check_compat ruleset, and this is not the only anti-relaying measure on the internal mail server (which the public can not reach). This stops the vast majority of forged email.

There are cookbooks and hints to help clueless sysadmins insist on one local address (which are also useful for clueful ones too :-). IMHO having someone else take the mistakes before you is always useful for anything as hairy as sendmail rulesets.


Copyright © 2008, Eklektix, Inc.