Re: Reject messages from spoofed addresses except ones coming from specifc hosts? [SPF]



"Gross, Michael" <michael.gross@xxxxxx> wrote:
is it possible to configure sendmail so that messages from a
particular domain are rejected except when those are coming from
particular hosts?

For instance: Reject every message with sender address spoof.com when
coming from unspecified hosts, but allow messages from spoof.com when
they are received from i.e. server 12.12.12.12?

Is this easily possible in sendmail (version is 8.13.8).

Have you considered configuring support for SPF records in DNS?
http://www.openspf.org/
SPF allows DNS domain owner to list host allowed to use it in email.
It allows sites supporting SPF to reject messages with envelope sender
not in fitting SPF list.

AFAIK SPF support can be implemented via milters e.g. via multipurpose
(free) http://MIMEDefang.org/ milter.

--
[pl>en Andrew] Andrzej Adam Filip : anfi@xxxxxxx : anfi@xxxxxxxx
Open-Sendmail: http://open-sendmail.sourceforge.net/
What is research but a blind date with knowledge?
-- Will Harvey
.



Relevant Pages

  • Re: Is SPF a useful methodology for identifying spam email?
    ... SPF (sender policy framework) is only used by a receiving mail host to identify who was the actual sender of an e-mail. ... SPF can be spoofed by the sender adding SPF lookalike headers in the e-mail so the recipient seeing them thinks that SPF was actually involved between the sending and receiving mail hosts when it was not. ... SPF does not stop spam. ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Help: Tracking Down Errant SMTP Server.
    ... prohibits what we perceive as "impersonation" of an envelope sender. ... Originally, JJs were largely malicious, deliberate DoS attacks against ... SPF policy for your domain. ... IPs generated the original messages. ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • Re: Is Sender ID worth implementing?
    ... Just to touch on the small clients that may have missing or incorrect SPF records... ... Of course your logic about a message getting a higher SCL because of a SenderID fail is spot on, ... I have Sender ID set to "Accept." ... We have a lot of clients who send e-mail from small ISP's, or from their own mail servers, who may have missing or incorrect SPF records. ...
    (microsoft.public.windows.server.sbs)
  • Re: CodeRed Activity
    ... Subject: CodeRed Activity ... this data that Dave Goldsmith posted to Incidents. ... spread rate in the region of 1.6-1.8 hosts per hour. ... > sender, except where the sender specifically states them ...
    (Incidents)
  • Re: How does the new anti spam SPF work regarding the senders email address ?
    ... SPF defines how to determine what a domain thinks about the relationship ... Earlier this year Microsoft proposed a validation scheme for the From: ... also announced patent claims on their "Sender ID" proposal. ... > (and sending email to our only provider). ...
    (comp.security.misc)