Mailing List CGatePro@mail.stalker.com Message #92448
From: Robinson Maureira Castillo <rmaureira@solint.cl>
Subject: Re: A script or a rule to block forged addresses ?
Date: Tue, 04 Sep 2007 12:10:19 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>

Bret Miller wrote:
>
> How about setting the domain to "force auth" for "non-clients"? The force auth setting requires authentication for from addresses in your domain(s). If you set it to non-clients, it requires authentication from anyone outside your network in order to send email from accounts in your domain(s).
>
In our experience, that doesn't solve the problem. We're usually getting
spammers on our platform that use a valid account and then forge the
From header, e.g.

-- snip --
Received: from [190.45.8.150] (account sebastian.jara@vtr.net HELO servidor)
  by fe1.vtr.cl (CommuniGate Pro SMTP 5.0.12)
  with ESMTPA id 160980562; Wed, 01 Aug 2007 10:59:19 -0400
Message-ID: <41225-22007831145929137@servidor>
X-EM-Version: 6, 0, 1, 0
X-EM-Registration: #00F06206106618006920
To: "hosting" <hostingmcv@yahoo.es>
Organization: mcv
From: "Su empresa en internet" <hostingmcv@yahoo.es>
-- snip --

As you can see, the account is indeed authenticated, but using a
different From header.

In strict terms, CGP is acting as it should, according to the SMTP AUTH
RFC (RFC 2254). The RFC doesn't say anything about forged addresses.

I'm toying with the idea of an external filter to do the check, but I
have some doubts about the performance hit of doing this, especially on
heavily loaded systems.

Best regards,
--
Robinson Maureira Castillo
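The check discussed in the message above, as an added example that is not part of the original post and is not CommuniGate Pro code: it compares the authenticated login recorded in the topmost Received header with the From address. The function names and the `aliases` map are hypothetical, and it assumes the filter sees the message after the accepting server has prepended its own Received header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# CommuniGate Pro records the authenticated login in the Received header as
# "(account user@domain HELO host)", as in the sample quoted in the message.
ACCOUNT_RE = re.compile(r"\(account\s+(\S+)\s+HELO\b", re.IGNORECASE)

# Constructed sample: headers taken from the post, plus a blank line and a body.
SAMPLE = """\
Received: from [190.45.8.150] (account sebastian.jara@vtr.net HELO servidor)
  by fe1.vtr.cl (CommuniGate Pro SMTP 5.0.12)
  with ESMTPA id 160980562; Wed, 01 Aug 2007 10:59:19 -0400
Message-ID: <41225-22007831145929137@servidor>
To: "hosting" <hostingmcv@yahoo.es>
From: "Su empresa en internet" <hostingmcv@yahoo.es>

body
"""

def authenticated_account(msg):
    """Return the login from the topmost Received header, or None."""
    received = msg.get_all("Received") or []
    if not received:
        return None
    # Only the topmost header was added by the accepting server (assumption);
    # lower ones are supplied by the client and cannot be trusted.
    m = ACCOUNT_RE.search(" ".join(received[0].split()))
    return m.group(1).lower() if m else None

def check_from(raw, aliases=None):
    """Classify a message: 'ok', 'mismatch', 'unauthenticated' or 'no-from'."""
    msg = message_from_string(raw)
    account = authenticated_account(msg)
    if account is None:
        return "unauthenticated"
    froms = msg.get_all("From") or []
    if len(froms) != 1:
        return "no-from"  # missing or duplicated From header
    addr = parseaddr(froms[0])[1].lower()
    if not addr:
        return "no-from"
    # aliases (hypothetical): extra sender addresses permitted per account
    allowed = {account} | {a.lower() for a in (aliases or {}).get(account, ())}
    return "ok" if addr in allowed else "mismatch"
```

The check is a header parse and a set lookup per message, with no DNS or network access.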