All,

Yesterday, I had a spam come in, in which I noticed the MessageID contained my own domain. Since the originating MTA is responsible for generating the MessageID, and since the message came from the outside, I added the following in sub filter() of my mimedefang-filter last night. Overnight, it caught about 20 messages.

if ($MessageID =~ /[EMAIL PROTECTED]>$/i && !Exclude_FromInternal() && !Exclude_FromDmz()) {
    md_syslog 'info', "bogus_MessageID: Originating MTA claims to be us in MessageID $MessageID.";
    return ('REJECT', 'Originating MTA can not claim to be us in MessageID.');
}

While I'm on the subject, here's a nice CheckMessageId rule, for sendmail. Add this to the LOCAL_RULESETS section of your sendmail.mc, and regenerate your .cf file. This rule ensures that a MessageID is present, and is of the correct format. It also checks the RHS (right hand side) against access.db. As always, watch out for line-wrap...

# Check for valid Message ID
# Check message id for valid hostname (after @)
HMessage-Id: $>CheckMessageId

SCheckMessageId
# Record the presence of the header
R$*			$: $(storage {MessageIdCheck} $@ OK $) $1

# check for local Message-Id: header for non-local headers
# Put client hostname in an initial lookup focus
# anything -> < lookup focus > anything
R$*			$: < $&{client_name} > < $1 >

# test if client hostname in lookup focus ends with one of our
# domains, $=m, if so the message is locally generated and all
# Message-Id: header are OK
R< localhost > < $+ >	$@ OK

# reject all other locally generated Message-Id: headers because
# client hostname is not local
R< $+ > < $+ @ $j >	$#error $: "553 Delivery blocked; HMessage-ID: indicates local generation but client is not local (may be forged)"

# strip trash lookup focus leaving the original header
R< $+ > < $+ >		< $2 >

# Check MessageID for blocked domain names
R< $+ @ $+ >		$: $(access $2 $: OK $)
ROK$*			$@ OK
RREJECT$*		$#error $: "553 Delivery blocked; HMessage-ID: failed access database lookup"
RDISCARD$*		$#discard $: discard
RERROR:$*		$#error $: $1
R< $+ @ $+ >		$@ OK

# Valid messageIDs should not get this far
R$*			$#error $: "553 Delivery blocked; HMessage-ID: indicated invalid format"

KEN CORMACK, RHCE
Sr. UNIX Systems Analyst, Open Systems Group
Sr. Software Analyst, TSG Midrange Systems Group
AFFILIATED COMPUTER SERVICES, INC.

_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
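
The decision the filter and ruleset above describe, modelled as a standalone Python check so it can be tried against sample headers. This is an added example, not part of the original post; the domain, network and blocklist values are constructed placeholders, and matching subdomains as well as exact names is an assumption that goes slightly beyond the post.

```python
import ipaddress
import re

# Assumptions (constructed for this example, not from the post):
LOCAL_DOMAINS = {"example.org"}                       # domains our own MTAs put in Message-IDs
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # stand-in for Exclude_FromInternal/Dmz
BLOCKED_RHS = {"spam.example"}                        # stand-in for REJECT entries in access.db

# <left@right>, with no whitespace, '@' or angle brackets inside either part
MSGID_RE = re.compile(r"^<([^<>@\s]+)@([^<>@\s]+)>$")


def is_internal(relay_ip):
    """True if the connecting relay is inside one of our own networks."""
    addr = ipaddress.ip_address(relay_ip)
    return any(addr in net for net in INTERNAL_NETS)


def in_domains(host, domains):
    """True if host equals, or is a subdomain of, any entry in domains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def check_message_id(message_id, relay_ip):
    """Return (action, reason) for one inbound message."""
    if not message_id:
        return ("REJECT", "missing Message-ID")
    m = MSGID_RE.match(message_id.strip())
    if not m:
        return ("REJECT", "invalid Message-ID format")
    rhs = m.group(2)
    # External relay, but the Message-ID says one of our hosts generated it.
    if in_domains(rhs, LOCAL_DOMAINS) and not is_internal(relay_ip):
        return ("REJECT", "Message-ID claims local origin from external relay")
    if in_domains(rhs, BLOCKED_RHS):
        return ("REJECT", "Message-ID domain is blocked")
    return ("ACCEPT", "ok")


# Constructed samples: (Message-ID header value, connecting relay IP)
SAMPLES = [
    ("<20240101.abc@mail.example.org>", "10.1.2.3"),
    ("<20240101.abc@mail.example.org>", "203.0.113.9"),
    ("<x2@mx.spam.example>", "198.51.100.7"),
    ("no-brackets@example.net", "198.51.100.7"),
]

if __name__ == "__main__":
    for mid, ip in SAMPLES:
        print(mid, ip, check_message_id(mid, ip))
```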