On 3/3/2006 9:38 AM Scot L. Harris wrote:
On Fri, 2006-03-03 at 08:26 -0600, JHorne wrote:
I would like my sendmail to reject any emails presented that have a
mismatched senders email@domain and host.domain. example:
Return-Path: <info-c@xxxxxxxxxxxxx>
Received: from global-change-mail.com (cug31-1-82-234-61-176.fbx.proxad.net
[82.234.61.176])
I have been searching for a couple weeks off and on for the answer to this,
but im having no luck at each attempt. Can someone shed light on how to
force sendmail to demand that senders domain match the hosts domain? With
rejection if they do not match? Reverse lookups are already enabled, but
that seems to only see if the hosts reverse records exists, not whether or
not the email being sent thru it is authorized.
If this setting is even possible, yes, I realize the potential for false
positives, but at this point, in my eyes, this is by far my best solution to
rejecting spam on my private 5 account email server.
Thanks in advance,
jonathan
Take a look at one of the greylisting solutions. I implemented
milter-greylist at one small business and was able to block about 98% of
the spam that was directed at their server. Spamassassin catches almost
all of the remainder.
greylisting uses a temp failure code (451), which most spammers do not
handle per the RFC. That should eliminate most if not all of the type
of messages you are targeting since most spam has forged from
information.
I'll just ditto what Scot said. I run a personal mail server (about five
email accounts and four mailing lists). Between milter-greylist and
sbl-xbl.spamhaus.org, I'd say my wife and I get a total of maybe 1 spam
message a month. The greylisting stops anywhere from a dozen to a couple
hundred messages a day. The latter is usually after the latest worm
outbreak. I think your solution would have worse false positives than
you realize.
