[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Spoofed email
- To: "Administrative (website/upkeep) Discussions" <admin at arabeyes dot org>
- Subject: Re: Spoofed email
- From: Nadim Shaikli <shaikli at yahoo dot com>
- Date: Thu, 6 May 2004 16:52:37 -0700 (PDT)
--- Nadim Shaikli <shaikli at yahoo dot com> wrote:
> From Administrator at RESA dot ORG Sun May 2 13:06:18 2004
> Return-Path: <Administrator at RESA dot ORG>
> From: <Administrator at arabeyes dot org>
> Sender: <Administrator at arabeyes dot org>
>
> So what happened was that postfix looked at the raw From field,
> the actual real one and it looked fine to it (ie. its not @arabeyes)
> but when mailman looked at the message it used the later From: field
> and let it post. Now the question is how to check that both fields
> are the same else the email is rejected (or how to get both applications
> to use the same From field).
I wasn't able to figure out (nor did I find anything on the net that
pointed me in right direction about comparing the two FROMs), so after
talking to Uniball/Xsnack on IRC - I added a header check to our postfix
main.cf file. So now we should really be solid. We are now NOT allowing
anyone from the outside to come-in with either an envelope from (that was
the first check being done already) or a header From field (new check now)
set to arabeyes.org
All that is left now is how to handle the spoofing of other people's
accounts and whether we should really do anything. Should we add the
"I will not accept mail from known open relay hosts" option ?
Here are some links I found useful with regard to this generic problem,
I'll leave it be until someone else says something and/or a decision on
a plan of action is made :-)
http://www.ordb.org/faq
http://www.spamhaus.org/xbl/index.lasso
http://www.ordb.org/faq/#usage_postfix
http://pfortin.com/Linux/PostFix
BTW: there are some errors/warnings in the syslog file that someone
should look into and fix-up.
Salam.
- Nadim
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs
http://hotjobs.sweepstakes.yahoo.com/careermakeover