Mailing List CGatePro@mail.stalker.com Message #92467
From: Robinson Maureira Castillo <rmaureira@solint.cl>
Subject: Re: A script or a rule to block forged addresses ?
Date: Wed, 05 Sep 2007 12:29:59 -0400
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bret Miller wrote:
> The filter would skip the tests if it the message was not submitted authenticated, so it would only apply to email submitted by valid accounts on your server. Force auth would take care of the rest.
>
> It's a fairly simple concept. You wouldn't want to "reject" the messages since the return-path is forged, but you could discard them and build a rejection notice to submit to the account used to authenticate.
>

I came up with the following script, it can be used along with this
global rule:

Header Field is Received:*account*HELO*
Header Field is not X-ForgeFiltered: yes

That way it will only apply to authenticated messages.

The script can be found here
http://soporte.solint.cl/~rmaureira/cgp/forgefilter.pl

I've done some tests using my personal account, with no problems so far,
but YMMV.

It uses the PIPE interface to re-submit the messages, if you're using
5.0x versions of CGP, you must change the extension of the submitted
file, from .sub to .msg

Any feedback is welcome, best regards
- --
Robinson Maureira Castillo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG3tmHu+2kmA0sEb4RAuYkAJ9OCxZnOEC+sH7TiNjXcH6APQTyqQCeOKHy
wdl0uAyPZPDbGTuO5IFySRE=
=fP7b
-----END PGP SIGNATURE-----
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster