Re: Sendmail 8.11 configuration/security issue

["simsjs" <sims () interex org>]

Although I haven't written a rule to do this, you should be able to use procmail to create a rule for this. You could 
check the "From:" line and if it matches yourdomain.com then check the "Received: from"   to make sure that is your 
smtp server. If it is not then filter it, move it, modify it, or whatever you want. Hopefully you get some ideas from 
this.

Jeff


*********** REPLY SEPARATOR  ***********

On 1/3/2003 at 4:38 PM oobs3c02 () attbi com wrote:

> I'm running sendmail 8.11 on a Solaris server.  The server has a single
> interface and sits in my DMZ. I'm trying to find a way to block inbound
> mail
> with my domain spoofed as the sender.  The scenario turned up when a
> person I
> know received spam with the sender being spoofed showing
> amber () mydomain com and
> recipient being myfriend () mydomain com.  After inspecting the mail headers,
> we
> discovered that the source IP was definitely external.  We've scoured
> sendmail.org, arachnoid.com, cauce.org and all the books we have and could
> not
> find this scenario speifically mentioned.
>
> Problems/Questions
> 1. If we block spammers by domain as recommended at
> http://www.arachnoid.com/lutusp/antispam.html#filter_forwarding, how do we
> get
> around our internal users being blocked from sending mail out?
> 2. Does anyone know of a way to check the network that a specific domain
> is
> sending from?  This way we could look at mydomain.com and compare it to a
> specific subnet that we allow.
>
> Thanks in advance for your help.
>
> Jim