fighting spoofing?

[michaellunsford]

I saw something somewhere that I might be able to do to prevent these people from spoofing email addresses from my server. Reverse email lookup or something? How to set it up?

Also, I have catch all email addresses enabled on the domain, would that negate the reverse email thing?

PS> I'm getting bounces right now on SPAM messages that did not come from my server.

[the_oliver]

Perhaps this is two late...

Best way to do this is through using black list's through something like spam assasin.  Try looking at something like spamcop.net 's list.  There are loads out there.  SpamAssasin is definatly worth looking at.

As to the bounces this is most likley just spamers doing something clever with there headers so it looks like there from your server.  Often to fool you into opening them.  However if it realy is someone else using your server to send mail this can be a big problem for you, as it could cause your domain to be listed in a black list.  This means that anyone using black list checking (an most do) will not be able to receve mail from you.  Security and restricaions on out going mail though have become almost as important on the mail accounts themselves.

[michaellunsford]

Thanks for the reply. My domain was spoofed in the return address field. The originating IP address does not match the server IP, so I know it didn't come from anyone on my server.

SpamAssassin is great for incoming spam -- doesn't do anything for the fight against spoofing, though.

[the_oliver]

[quote]The originating IP address does not match the server IP, so I know it didn't come from anyone on my server[/quote]

Spamers are clever people!  It is possable to make headers look like this.  For example you could send an email from your server to me, and with a bit of clever playing it would look like it was sent from my server.  What does your mail log say about these sent emails?  does it show them as sent by your server?  (normaly reprosented by a <= befor the address).  Also it is unlikly that they world use your server just to send spam to you.  If they are using your server, not just playing with headers, then there may well be multiple sends in your mail log.

If your running something like md5 athentication on your SMTP server it is unlikly there using your server.  Do you have users outside your local network using anything other then webmail? If not you can tell your SMTP server to only accept conections from your internal IP range.  Would sertinaly stop your problems!