Mailing List CGatePro@mail.stalker.com Message #92482
From: cherif abarguia <abarguia@mail.belgavillage.be>
Subject: Re: A script or a rule to block forged addresses ?
Date: Thu, 6 Sep 2007 16:47:33 +0200
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: Apple Mail (2.752.3)
Thanks for the script. I am going to give it a try

On 5 sept. 07, at 18:29, Robinson Maureira Castillo wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bret Miller wrote:
The filter would skip the tests if it the message was not submitted authenticated, so it would only apply to email submitted by valid accounts on your server. Force auth would take care of the rest.

It's a fairly simple concept. You wouldn't want to "reject" the messages since the return-path is forged, but you could discard them and build a rejection notice to submit to the account used to authenticate.


I came up with the following script, it can be used along with this
global rule:

Header Field is Received:*account*HELO*
Header Field is not X-ForgeFiltered: yes

That way it will only apply to authenticated messages.

The script can be found here
http://soporte.solint.cl/~rmaureira/cgp/forgefilter.pl

I've done some tests using my personal account, with no problems so far,
but YMMV.

It uses the PIPE interface to re-submit the messages, if you're using
5.0x versions of CGP, you must change the extension of the submitted
file, from .sub to .msg

Any feedback is welcome, best regards
- --
Robinson Maureira Castillo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG3tmHu+2kmA0sEb4RAuYkAJ9OCxZnOEC+sH7TiNjXcH6APQTyqQCeOKHy
wdl0uAyPZPDbGTuO5IFySRE=
=fP7b
-----END PGP SIGNATURE-----

#############################################################
This message is sent to you because you are subscribed to
  the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to  <CGatePro-request@mail.stalker.com>

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster