Mailing List CGatePro@mail.stalker.com Message #92466
From: Massimo Bolzoni <massimo.bolzoni@answervad.it>
Subject: Re: A script or a rule to block forged addresses ?
Date: Wed, 5 Sep 2007 18:31:07 +0200
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.752.3)
Ciao,
as for the manual of cgp:

"You can tell the SMTP module to use the Reverse Connect method:
  • the SMTP module makes a connection to the server that receives E-mail for this Return-Path address
  • the SMTP module sends the Return-Path address to that server and checks the server response

If the server rejects this address, the SMTP module rejects the supplied Return-Path address, too."

This will avoid that someone stating to be from @dummy.dom will post to local accounts through a server/machine for wich @dummy.dom is not an MX

Still it can happen that someone can post to your local accounts through a good IP/MX matching... but this is the expected behaviour.

HTH

Massimo

Il giorno 05/set/07, alle ore 12:50, cherif abarguia ha scritto:

SPF is on. It couldn't help in this situation.

My guess, the rules apply only on parts that are not DATA in a message. But what is DATA in a complete message - FROM, TO, REPLY-TO, RETURN-PATH, ... - and What's not is not clear for me. Can someone enlight me on this subject ?

cherif abarguia



On 5 sept. 07, at 08:41, Christoph Roethlisberger wrote:

I think that you're looking for SPF, as this is exactly what you try to do with this rule.
You can build your own SPF rule here: www.openspf.org, but normally it should look somehow like "v=spf1 mx -all" or "v=spf1 mx a:mail.mydomain.com -all

This will not reject authenticated sender that will use your domain, but any unauthenticated email you're receiving that has you domain set as sender address.

Christoph Roethlisberger


----- Original Message ----- From: "cherif abarguia" <abarguia@mail.belgavillage.be>
Sent: Tuesday, September 04, 2007 12:34 PM
Subject: A script or a rule to block forged addresses ?


Hi,

2 simple questions:

Is there a script to stop forged addresses ?

I wish to know if the following rule is enough stop forged addresses

[source] [not in] trusted, authenticated
[From] [in] *@MyHostedDomains.com , *Mailer-Daemon*
[return-Path] [not in] *@MyHostedDomains.com , *Mailer-Daemon*
[reject] or [Discard]

Running CGPRO 4.2.10 under Mac OS X

Thanks

cherif abarguia



#############################################################
This message is sent to you because you are subscribed to
 the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>


#############################################################
This message is sent to you because you are subscribed to
 the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster