All,
Yesterday, I had a spam come in, in which I noticed the MessageID contained
my own domain. Since the originating MTA is responsible for generating the
MessageID, and since the message came from the outside, I added the
following in sub filter() of my mimedefang-filter last night. Overnight,
it caught about 20 messages.

if ($MessageID =~ /[EMAIL PROTECTED]>$/i && !Exclude_FromInternal() &&
    !Exclude_FromDmz()) {
    md_syslog 'info', "bogus_MessageID: Originating MTA claims to be us in MessageID $MessageID.";
    return ('REJECT', 'Originating MTA can not claim to be us in MessageID.');
}

While I'm on the subject, here's a nice CheckMessageId rule, for sendmail.
Add this to the LOCAL_RULESETS section of your sendmail.mc, and regenerate
your .cf file. This rule ensures that a MessageID is present, and is of the
correct format. It also checks the RHS (right hand side) against access.db.
As always, watch out for line-wrap...

# Check for valid Message ID
# Check message id for valid hostname (after @)
# Note: in each R line below, the LHS and RHS are separated by a tab,
# as sendmail requires; wrapped error strings have been rejoined.
HMessage-Id: $>CheckMessageId
SCheckMessageId
# Record the presence of the header
R$*	$: $(storage {MessageIdCheck} $@ OK $) $1
# check for local Message-Id: header for non-local headers
# Put client hostname in an initial lookup focus
# anything -> < lookup focus > anything
R$*	$: < $&{client_name} > < $1 >
# test if client hostname in lookup focus ends with one of our
# domains, $=m, if so the message is locally generated and all
# Message-Id: header are OK
R< localhost > < $+ >	$@ OK
# reject all other locally generated Message-Id: headers because
# client hostname is not local
R< $+ > < $+ @ $j >	$#error $: "553 Delivery blocked; HMessage-ID: indicates local generation but client is not local (may be forged)"
# strip trash lookup focus leaving the original header
R< $+ > < $+ >	< $2 >
# Check MessageID for blocked domain names
R< $+ @ $+ >	$: $(access $2 $: OK $)
ROK$*	$@ OK
RREJECT$*	$#error $: "553 Delivery blocked; HMessage-ID: failed access database lookup"
RDISCARD$*	$#discard $: discard
RERROR:$*	$#error $: $1
R< $+ @ $+ >	$@ OK
# Valid messageIDs should not get this far
R$*	$#error $: "553 Delivery blocked; HMessage-ID: indicated invalid format"

KEN CORMACK, RHCE
Sr. UNIX Systems Analyst,
Open Systems Group
Sr. Software Analyst,
TSG Midrange Systems Group
AFFILIATED COMPUTER SERVICES, INC.
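
The Message-ID check from the filter snippet above, as a stand-alone added example (not code from the original post) for trying the logic on sample headers before it goes into mimedefang-filter. The domain list, internal networks and all function names are assumptions; relay_is_internal() stands in for the post's Exclude_FromInternal()/Exclude_FromDmz(), whose bodies are not shown, and the example goes beyond the post by also matching subdomains and flagging malformed IDs.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed site settings (placeholders, not from the original post).
my @LOCAL_DOMAINS  = ('example.com');
my @INTERNAL_CIDRS = ('127.0.0.0/8', '192.0.2.0/24');

# Dotted-quad IPv4 string to integer; undef if it is not a valid address.
sub ip_to_int {
    my ($ip) = @_;
    my @o = ($ip // '') =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ or return;
    return if grep { $_ > 255 } @o;
    return unpack('N', pack('C4', @o));
}

# True if the connecting relay sits inside one of our own networks.
sub relay_is_internal {
    my $addr = ip_to_int($_[0]);
    return 0 unless defined $addr;
    for my $cidr (@INTERNAL_CIDRS) {
        my ($net, $bits) = split m{/}, $cidr;
        my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
        return 1 if ($addr & $mask) == (ip_to_int($net) & $mask);
    }
    return 0;
}

# Verdict for one message: 'ACCEPT', 'REJECT' or 'MALFORMED'.
sub check_msgid {
    my ($msgid, $relay_ip) = @_;
    # Require <left@right> with no embedded whitespace or extra brackets.
    return 'MALFORMED'
        unless defined $msgid && $msgid =~ /^\s*<[^<>\s@]+@([^<>\s@]+)>\s*$/;
    my $rhs = lc($1);
    # Match on a label boundary so "notexample.com" is not taken for "example.com".
    my $claims_us = grep { my $d = $_; $rhs eq $d || $rhs =~ /\.\Q$d\E\z/ } @LOCAL_DOMAINS;
    return 'ACCEPT' unless $claims_us;
    return relay_is_internal($relay_ip) ? 'ACCEPT' : 'REJECT';
}

# Constructed samples: [Message-ID header value, connecting relay IP].
my @samples = (
    ['<20240101.abc123@example.com>', '198.51.100.7'],  # our domain, outside relay
    ['<20240101.abc123@example.com>', '192.0.2.25'],    # our domain, our own MTA
    ['<x1@mail.example.com>',         '203.0.113.9'],   # our subdomain, outside relay
    ['<x2@notexample.com>',           '203.0.113.9'],   # look-alike domain, not ours
    ['no-angle-brackets@example.com', '203.0.113.9'],   # not a valid Message-ID
);
printf "%-9s %-15s %s\n", check_msgid(@$_), $_->[1], $_->[0] for @samples;
```

Whether a MALFORMED verdict is rejected, as the sendmail ruleset does, or only logged is left to the caller.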