Security Basics mailing list archives

Re: Sendmail 8.11 configuration/security issue


From: <john65 () pobox com>
Date: Fri, 3 Jan 2003 13:03:07 -0500 (EST)

On Fri, 3 Jan 2003 oobs3c02 () attbi com wrote:

I'm running sendmail 8.11 on a Solaris server. The server has a single
interface and sits in my DMZ. I'm trying to find a way to block
inbound mail with my domain spoofed as the sender.

I'm not sure what you accomplish by doing this.
see:
http://groups.google.com/groups?selm=8nl0kt%24mna%241%40zardoc.endmail.org&output=gplain


The scenario turned up when a person I know received spam with the
sender being spoofed showing amber () mydomain com and recipient being
myfriend () mydomain com. After inspecting the mail headers, we discovered
that the source IP was definitely external. We've scoured sendmail.org,
arachnoid.com, cauce.org and all the books we have and could not find
this scenario specifically mentioned.

Problems/Questions
1. If we block spammers by domain as recommended at
   http://www.arachnoid.com/lutusp/antispam.html#filter_forwarding,
   how do we get around our internal users being blocked from sending
   mail out?

This isn't going to help you. Are you talking about open relays now? If
you're running a recent sendmail, open relaying is off by default. Read
the documentation in the sendmail source distribution first. See
cf/README. I think you're making this too hard on yourself. The link you mention
has bad (direct editing of the sendmail.cf should never be done) and
outdated advice.


2. Does anyone know of a way to check the network that a specific
   domain is sending from? This way we could look at mydomain.com and
   compare it to a specific subnet that we allow.

See cf/README.
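For readers who want to see the policy from questions 1 and 2 written out, here is an added example that is not part of this thread and not sendmail's own code: a standalone Python check of the kind a milter or a policy daemon in front of the MTA would run at MAIL FROM time. It rejects an envelope sender in the local domain (or any subdomain of it) when the connecting client is outside the allowed subnets and has not authenticated, and lets everything else through. The domain names, the subnets and the sample sessions are all constructed for the example.

```python
import ipaddress
from typing import Iterable, List, Set, Tuple

# Constructed example values: the domain we own, and the subnets from which
# mail claiming that domain may legitimately originate. Both are assumptions.
LOCAL_DOMAINS: Set[str] = {"mydomain.com"}
ALLOWED_NETS = [
    ipaddress.ip_network("192.0.2.0/24"),     # internal LAN
    ipaddress.ip_network("198.51.100.0/24"),  # DMZ / outbound relay
]


def sender_domain(envelope_from: str) -> str:
    """Domain part of a MAIL FROM argument, lowercased, trailing dot dropped.

    The null sender '<>' (used for bounces) yields '' so it is never treated
    as a local-domain claim.
    """
    addr = envelope_from.strip().strip("<>")
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def is_local_domain(domain: str, local_domains: Iterable[str] = LOCAL_DOMAINS) -> bool:
    """True for the local domain itself and any subdomain of it."""
    return any(domain == d or domain.endswith("." + d) for d in local_domains)


def policy(client_ip: str, envelope_from: str, authenticated: bool = False,
           local_domains: Iterable[str] = LOCAL_DOMAINS,
           allowed_nets: List[ipaddress._BaseNetwork] = ALLOWED_NETS) -> Tuple[str, str]:
    """Decide on a MAIL FROM given the connecting client.

    Returns ('accept', reason) or ('reject', reason). Only mail that claims a
    local sender domain is examined; other senders are left to the usual
    relay and anti-spam checks.
    """
    domain = sender_domain(envelope_from)
    if not is_local_domain(domain, local_domains):
        return ("accept", "sender domain is not local")
    # Question 1: roaming internal users are not blocked if they use SMTP AUTH.
    if authenticated:
        return ("accept", "local domain, client authenticated")
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        return ("reject", "unparseable client address %r" % client_ip)
    # Question 2: compare the client address against the subnets we allow.
    if any(ip in net for net in allowed_nets):
        return ("accept", "local domain from allowed network %s" % client_ip)
    return ("reject", "%s claimed by external host %s" % (domain, client_ip))


# Constructed sample sessions: (client IP, MAIL FROM, SMTP AUTH succeeded?)
SAMPLE_SESSIONS = [
    ("203.0.113.5", "<amber@mydomain.com>", False),     # the spoof from the thread
    ("192.0.2.10", "<amber@mydomain.com>", False),      # internal host
    ("203.0.113.5", "<someone@example.org>", False),    # foreign sender domain
    ("203.0.113.5", "<>", False),                       # bounce, null sender
    ("203.0.113.5", "<bob@mail.mydomain.com>", False),  # subdomain spoof
    ("203.0.113.77", "<amber@mydomain.com>", True),     # roaming user with AUTH
]


def run_samples() -> List[str]:
    """Apply the policy to every sample session; returns the decisions."""
    return [policy(ip, mail_from, auth)[0] for ip, mail_from, auth in SAMPLE_SESSIONS]


if __name__ == "__main__":
    for (ip, mail_from, auth), verdict in zip(SAMPLE_SESSIONS, run_samples()):
        print("%-14s %-28s auth=%-5s -> %s" % (ip, mail_from, auth, verdict))
```

The check is on the envelope sender, not on the From: header the user sees, so a spammer who puts a foreign address in MAIL FROM and your domain only in the header still gets through; stopping that needs a header check after DATA. The null sender must stay accepted or you will refuse bounces for your own users' mail.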

