f



Force MAIL FROM address to match AUTH address

Good day everyone. I'm having a problem that I hope someone can help with b=
ecause I have been banging my head against a wall for 2 days. I have many e=
mail domains on my sendmail server. I'm having a problem with people purcha=
sing hosting accounts from me and then using those accounts to send out spa=
m from my server. What they are doing is authenticating as their valid emai=
l address that they receive with their hosting package, but then they are c=
hanging the MAIL FROM address to make it look like the email being sent fro=
m a different address. Does anyone know how I can force the MAIL FROM addre=
ss to match the AUTH address in this case? I need to do it on a per-domain =
or per-user basis or if there is a server-wide setting to ensure all outbou=
nd email will always be sent from matching MAIL FROM and AUTH addresses, I =
would be happy to know that as well. Thanks in advance for your help. 
0
Linda
10/7/2015 1:16:44 PM
comp.mail.sendmail 13518 articles. 1 followers. jfretby (35) is leader. Post Follow

7 Replies
640 Views

Similar Articles

[PageSpeed] 3

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 07 Oct 2015 06:16:44 -0700, Linda Pagillo wrote:

>  What they are doing is authenticating as their valid email address
> that they receive with their hosting package, but then they are
> changing the MAIL FROM address to make it look like the email being
> sent from a different address.

I prefer to leave such policy decisions to a milter. It would be easy to
write milter to enforce that policy. You could also modify an existing
milter such as http://www.five-ten-sg.com/dnsbl/ to do what you want.

As far as outgoing spam control, I have found that simple rate limits
work well to detect spamming customers. The milter above can enforce a
variety of rate limits.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAlYVOnYACgkQL6j7milTFsHK3ACggq8V6U0GdrEHWi2HEE4Dvtbs
lIMAn1tzUDD4yx/PjKk7NozUt4rb4zZa
=baEb
-----END PGP SIGNATURE-----
0
Carl
10/7/2015 3:30:50 PM
Thank you for your response Carl. Will the milter idea work to ensure that =
the MAIL FROM address always matches the AUTH address on outbound email? If=
 no, is there any way at all to ensure that the spammers who are spamming o=
ut from my server are unable to change the MAIL FROM address? We already ra=
te-limit outbound messages. I understand that it's tough to stop spammers, =
especially when they are using a valid, authenticated account on my server =
to spam out to the world. However, I think a recipient of this spam would b=
e less likely to open it if they see that it's coming from a FROM address t=
hat they don't recognize instead of say a bank or school FROM address that =
they are familiar with.  I need a sure way of preventing outbound spammers =
from changing the MAIL FROM address of their messages. This problem is driv=
ing me nuts to be honest. Will a milter do this for me? Thanks again!
0
Linda
10/7/2015 4:05:40 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 07 Oct 2015 09:05:40 -0700, Linda Pagillo wrote:

> Will the milter idea work to ensure that the MAIL FROM address always
> matches the AUTH address on outbound email?

Yes, but I don't know of any current milter that can enforce that. It is
easy to write (or modify) one to do that.


> We already rate-limit outbound messages.

What sort of limiting? My dnsbl milter can impose individual rate limits
by AUTH identifier, so that joe@example.com can only send to 30
recipients per hour, sam@example.com can send to 100 recipients per
hour, and *@another.example.com can send to 200 recipients per hour.

You might also consider limiting the number of unique ip addresses for a
given AUTH id, which my milter can also do. So joe@example.com can only
use 5 unique ip addresses per day.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAlYVeIsACgkQL6j7milTFsH48ACeO45FbPwsTLTAnaDXXjexXLoF
/ngAoIEYYNtoEud6dthKX0RFaQkxANWe
=KoXR
-----END PGP SIGNATURE-----
0
Carl
10/7/2015 7:55:31 PM
Thanks again Carl. I'm a complete sendmail newbie. I would have no clue how=
 to modify or write a milter to ensure that the MAIL FROM address always ma=
tches the AUTH address on outbound email. Can you possibly post one for me =
that can do that? As for rate limiting, thank you for the examples that you=
 provided on how you do your limiting. Would you be willing to also share t=
hat milter with me? If I'm asking too much, I apologize.
0
Linda
10/7/2015 8:05:13 PM
On Wednesday, October 7, 2015 at 10:05:15 PM UTC+2, Linda Pagillo wrote:
> Thanks again Carl. I'm a complete sendmail newbie. I would have no clue h=
ow to modify or write a milter to ensure that the MAIL FROM address always =
matches the AUTH address on outbound email. Can you possibly post one for m=
e that can do that? As for rate limiting, thank you for the examples that y=
ou provided on how you do your limiting. Would you be willing to also share=
 that milter with me? If I'm asking too much, I apologize.

MIMEDefang ( http://mimedefang.org/ ) is a Perl-driven Milter. At least, su=
ch milter can reject messages on a condition like "auth'ed user is such, bu=
t mail from does not belong to the user".
0
ska
10/8/2015 9:49:18 AM
Thank you again Carl. Once last question... will MIMEDefang work to reject messages on a condition like "auth'ed user is such, but mail from does not belong to the user" on outgoing mail?

0
Linda
10/8/2015 12:34:59 PM
Thank you Ska. Once last question... will MIMEDefang work to reject messages on a condition like "auth'ed user is such, but mail from does not belong to the user" on outgoing mail?

Carl, again, thank you for all of your help.
0
Linda
10/8/2015 3:53:26 PM
Reply:

Similar Artilces:

Mail address only allowed for specific mail addresses
Hi, We have a normal mailgroup with a list of e-mail addresses which is configured with the normal :include:/path/to/textfile statement in the alias file. Now we want to restrict the list to the mailaddresses in the textfile. is this possible and if, are there some example rules for that? Thanks Oli Oliver Rahn wrote: > We have a normal mailgroup with a list of e-mail addresses which is > configured with the normal :include:/path/to/textfile statement in the > alias file. Now we want to restrict the list to the mailaddresses in the > textfile. See http://www.sendmail...

Mailing Addresses: Multiple addresses/address history?
For better or worse, I have chosen to implement mailing addresses in a particular application as a separate table. One Person ==> Many Addresses. It is a database for managing school reunions and people really do have multiple (summer/winter, for instance) mailing addresses. I'd also like to keep track of people's defunct addresses. To that end, "tblAddress". But I'm not sure how to handle address statuses/status dates....and even whether I need some more address-specific fields besides AddressType. Right off the bat, I need to identify addresses as current or...

Need auto-mailer software
OK, here is what I'm looking to do... I have an intranet database and basically I'd like to be able to click on a mailing list I have, and have it send that list of e-mails, along with HTML that will be in the mailer, and a subject, to an address that will process those addresses and send out the mailer automatically. Or if there is some web-based solution that will allow me to submit a form w/ a text file attachment of addresses, the HTML source, and subject, that'll work too... Any thoughts? On 12 Sep 2003 12:38:24 -0700, Andy Milk <amilk@catalyst-i.com> wrote: > &g...

Mails sent mail to internal people are sent to their Internet mail address
Hi. When people in our company send mail messages to others in our company's directory Lotus Notes sends directly to the Internet. Since our Domino server is not yet configured as an SMTP relay, our fellows use Notes 6 client to read their Notes mailbox and send mails directly to the Internet. They all have a pop3 account by our ISP that they must read from their Notes client. Our Domino R6 server is installed on a Linux machine on which I have no control. Notes R6 clients use replication to read their mail from their ISP pop3 account. I'd like Lotus Notes R6 clients to...

Rejecting mail address to mail gateway
I have a mail gateway that accepts mail for a number of domains. The gateway handles incoming email only. Outgoing mail is delivered via a separate system. I've recently started to receive spam addressed to and in some cases from, users on the gateway. The gateway has no valid users. How can I stop sendmail 8.13 accepting mail addressed to the (non existant) gateway but still allow the gateway to accept mail to the doamin? Regards ER Hi snowyskiesau, I am likewise trying to limit the access to my mail gateway, and have accomplished some results. For your problem, if you are acceptin...

change mail address in mail client
Hi, I try to change my mail address on default mail client on Solaris 8. Is it possible, Rgds, Vincent ...

Mails are not receiving from client mail address
Hi we rae not receiving mails from our client mail address since yesterday only ,let me know where to look into this problem ...

Using the address book for more than only e-mail addresses
I would like to use the address book (on an IMAP server) of PINE not only for keeping e-mail adresses but also adresses, phone numbers, etcetera. The problem is that just putting all this information in the "Comments:" field seems too unstructured. Is there a possibility of creating custom fields (in some sense) and of exporting (selected fields from selected entries) to a file? I don't expect this is possible with PINE alone, is there anyone who has experience with this using pipes and scripts? If so, could you give me some pointers? Erik ...

Please unregister this mail-address out of mailing-list.
Dear Python Staff, I am writing this letter to unsubscribe this mail-address from python mail-list. One problem is that this python community is so active that I always lost myself to find my business emails. So, I want to quit this mail-address from you, and want to set up a specific mail-box to receive all python mails. Since could find a way to unsubscribe the mails, I need to write this letter to you. Please help. BTW, python is indeed great, thank you all for any supports. Hank. ...

Rejecting mail address to mail gateway #2
I have a mail gateway that accepts mail for a number of domains. The gateway handles incoming email only. Outgoing mail is delivered via a separate system. I've recently started to receive spam addressed to and in some cases from, users on the gateway. The gateway has no valid users. How can I stop sendmail 8.13 accepting mail addressed to the (non existant) gateway users but still allow the gateway to accept and fordward mail to the doamin? Regards ER In article <pan.2005.03.05.07.08.15.489067@yahoo.com> "ER" <snowyskiesau@yahoo.com> writes: >I have a mail ...

Mail: Forwarding each message in $MAIL to another address.
This is a tricky one. I need to forward each message which is contained in my $MAIL file to another address as a message, instead of an attachment. Something that will sift though and send each message. There are 512 of them to be sent. Any thoughts? Michael I really just need something that will choose each message in $MAIL and allow me to forward it using a simple shell script with /usr/bin/mail. Michael "Michael McDowell" <mcdowe@gmail.com> writes: > I really just need something that will choose each message in $MAIL and > allow me to forward i...

no valid mail address from the originator in a forwarded mail
Hi, in a forwarded mail there should look similar like this: --- forwarded from .....---- From: <originator@domain.com> #<! valid mail address To: <....> Date: Subject ----------------------------- Section. We have the Problem that the To field only shows the Full Name of the originator an no valid @ mail address, so that the receiver of a forwarded mail is never able to send am mail to the originator. in other Domino Networks with the same Versions 8.5.3 we do not have this Problem (always valid mail addresses). How can i change that? ...

Problem with getting mails and umlauts in mail address
This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --8323328-1264083873-1212761001=:11095 Content-Type: TEXT/PLAIN; charset=ISO-8859-15 Content-Transfer-Encoding: QUOTED-PRINTABLE Hi I have a problem getting mails that have umlauts in the mail address.=20 The mail addresses (from and to) get mangled and they are not usable to=20 reply. I don't know what component of my mail chain produces this=20 problem. I have the following setup: gmail.com mail account fetchmail to get mails procma...

Mails from postmaster address to mailing list are lost
I have been using Mercury/32 with a domain mailbox for several years with very few problems. I currently use v3.31 (but my problem is also present with v3.32). But I have this problem: if the term 'postmaster' is part of the mail address of a mail sent to one of my mailing lists, the mail is never delivered. For example, if a mail from 'postmaster@somedomain.com' is sent to mailing list 'ml@mydomain.com', the mail is never delivered. The problem persists even if the from address is changed to 'postmaster42@somedomain.com'. If the from address is ch...

Web resources about - Force MAIL FROM address to match AUTH address - comp.mail.sendmail

IPv4 address exhaustion - Wikipedia, the free encyclopedia
IPv4 address exhaustion is the depletion of the pool of unallocated Internet Protocol Version 4 (IPv4) addresses. The IP address space is managed ...

Falling flat: Cricket Australia to address imbalance between bat and ball after summer of tons
Cricket Australia have been left underwhelmed by the theme of flat wickets this summer from the Test portion of the season to Australia and India's ...

Here's everything Facebook is doing this year to address its 'pathetic' diversity numbers
... So therefore you're less likely to be the people graduating with degrees and with the skills we need to hire. We're using TechPrep to address ...

Tom Brady Address ‘Crybaby’ Comments From Broncos Players
Tom Brady answers the question on if he is, in fact, a cry baby as Antonio Smith believes he is.

At D.C. meeting, Emanuel does little to address Laquan McDonald controversy
Chicago Tribune At D.C. meeting, Emanuel does little to address Laquan McDonald controversy Chicago Tribune Mayor Rahm Emanuel speaks at the ...

The Oscars Could Make Big Changes To Address Its Diversity Issue
The Film Academy has already made statements saying they want to take steps in order to improve diversity among both Oscar nominees and Academy ...

In Flint and beyond, people come together to address city's water crisis
Christian Science Monitor In Flint and beyond, people come together to address city's water crisis Christian Science Monitor As the crisis ...

Obama reminds Americans of ACA deadline and benefits in weekly address
... care inflation to its lowest levels in fifty years. President Obama highlighted the success of the Affordable Care Act in his weekly address ...

EXCLUSIVE: Chris Rock Not Dropping Out Of Oscars, Rewriting Monologue to Address #OscarsSoWhite Outrage ...
EXCLUSIVE: Chris Rock Not Dropping Out Of Oscars, Rewriting Monologue to Address #OscarsSoWhite Outrage

AMD quarterly results show improvement, Zen will address 80 percent of server market
AMD's Q4 2015 figures are in, and they show some small improvements compared to what we saw in Q3 of last year. We also heard a few tidbits on ...

Resources last updated: 1/25/2016 3:54:31 AM