fighting spoofing?


3 replies to this topic

#1 michaellunsford


Posted 30 September 2006 - 01:15 AM

I saw something somewhere that I might be able to do to prevent these people from spoofing email addresses from my server. Reverse email lookup or something? How to set it up?

Also, I have catch-all email addresses enabled on the domain; would that negate the reverse email thing?

PS: I'm getting bounces right now on SPAM messages that did not come from my server.

#2 the_oliver


Posted 21 November 2006 - 11:42 PM

Perhaps this is too late...

Best way to do this is through using blacklists through something like SpamAssassin. Try looking at something like spamcop.net's list. There are loads out there. SpamAssassin is definitely worth looking at.

As to the bounces, this is most likely just spammers doing something clever with their headers so it looks like they're from your server. Often to fool you into opening them. However, if it really is someone else using your server to send mail, this can be a big problem for you, as it could cause your domain to be listed in a blacklist. This means that anyone using blacklist checking (and most do) will not be able to receive mail from you. Security and restrictions on outgoing mail, though, have become almost as important as on the mail accounts themselves.

#3 michaellunsford


Posted 22 November 2006 - 12:27 AM

Thanks for the reply. My domain was spoofed in the return address field. The originating IP address does not match the server IP, so I know it didn't come from anyone on my server.

SpamAssassin is great for incoming spam -- doesn't do anything for the fight against spoofing, though.

#4 the_oliver


Posted 22 November 2006 - 09:16 AM

The originating IP address does not match the server IP, so I know it didn't come from anyone on my server


Spammers are clever people! It is possible to make headers look like this. For example, you could send an email from your server to me, and with a bit of clever playing it would look like it was sent from my server. What does your mail log say about these sent emails? Does it show them as sent by your server? (Normally represented by a <= before the address.) Also, it is unlikely that they would use your server just to send spam to you. If they are using your server, not just playing with headers, then there may well be multiple sends in your mail log.

If you're running something like MD5 authentication on your SMTP server, it is unlikely they're using your server. Do you have users outside your local network using anything other than webmail? If not, you can tell your SMTP server to only accept connections from your internal IP range. Would certainly stop your problems!
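
The mail-log check suggested in post #4, as an added example that is not part of the original thread: it scans `<=` arrival lines, assuming an Exim-style main log (the thread does not name the mail server), and counts messages that claim a sender in your domain but arrived unauthenticated from outside your own IP range. The log lines, the domain `example.org` and the range `192.168.1.0/24` are constructed sample values.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in Exim main-log style (assumption: the thread
# does not name the MTA). "<=" marks a message the server accepted.
SAMPLE_LOG = """\
2006-11-21 22:10:03 1GmAAA-0000aa-01 <= alice@example.org H=(pc1) [192.168.1.20] P=esmtpa A=cram_md5:alice S=1843
2006-11-21 22:10:05 1GmAAA-0000aa-01 => bob@example.net R=dnslookup T=remote_smtp H=mx.example.net [198.51.100.7]
2006-11-21 22:14:40 1GmAAB-0000ab-02 <= <> H=mx.example.net [198.51.100.7] P=esmtp S=3120
2006-11-21 22:31:12 1GmAAC-0000ac-03 <= sales@example.org H=(xyz) [203.0.113.50] P=esmtp S=9912
2006-11-21 22:31:13 1GmAAD-0000ad-04 <= sales@example.org H=(xyz) [203.0.113.50] P=esmtp S=9907
2006-11-21 22:40:00 1GmAAE-0000ae-05 <= carol@example.org U=carol P=local S=702
"""

# Arrival line: date, time, message id, "<=", envelope sender, then an
# optional bracketed source IP and an optional A= authenticator field.
ARRIVAL = re.compile(
    r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+)"
    r"(?:.*?\[(?P<ip>[0-9a-fA-F.:]+)\])?"
    r"(?:.*?\bA=(?P<auth>\S+))?"
)

def suspicious_arrivals(log_text, domain, trusted_net):
    """Count accepted messages that claim a sender in `domain` but arrived
    unauthenticated from an address outside `trusted_net`."""
    net = ip_network(trusted_net)
    hits = Counter()
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m or not m["sender"].lower().endswith("@" + domain):
            continue  # delivery line, bounce (<>) or another domain
        if m["ip"] is None or m["auth"]:
            continue  # local submission or authenticated user
        if ip_address(m["ip"]) not in net:
            hits[(m["sender"], m["ip"])] += 1
    return hits

if __name__ == "__main__":
    found = suspicious_arrivals(SAMPLE_LOG, "example.org", "192.168.1.0/24")
    for (sender, ip), n in found.items():
        print(f"{n} message(s) as {sender} relayed from {ip}")
    if not found:
        print("no relayed messages: the spoofed mail never touched this server")
```

An empty result matches the situation described in post #3, where only the return address was forged; repeated hits from one outside address are the "multiple sends" post #4 says to look for.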



