Yesterday, I had a spam come in, in which I noticed the MessageID contained my own domain. Since the originating MTA is responsible for generating the MessageID, and since the message came from the outside, I added the following in sub filter() of my mimedefang-filter last night. Over night, it caught about 20 messages.
if ($MessageID =~ /[EMAIL PROTECTED]>$/i && !Exclude_FromInternal() && !Exclude_FromDmz()) { md_syslog 'info', "bogus_MessageID: Originating MTA claims to be us in MessageID $MessageID."; return ('REJECT', 'Originating MTA can not claim to be us in MessageID.'); }
1. Are you sure it actually came in with that Message-ID? Sendmail adds one if there is not one present and the added one will of course have your host's name in it. I forget whether it has been added already at milter stage.
2. If a host generated Message-IDs with the name of the recipient domain in them, does that violate any standard? I agree that it looks spammy, and SpamAssassin scores for this, but I am not sure mail should be rejected as a general rule.
3. Some client software does not create Message-ID and relies on the smtp server to generate it. This includes both PC mail clients and also some PC products that generate mail from databases. A host that acts as smtp server needs to recognize any such permitted use-- perhaps by IP address or by detecting use of smtp auth.
Joseph Brennan Academic Technologies Group, Academic Information Systems (AcIS) Columbia University in the City of New York
_______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
