Yesterday, I had a spam come in, in which I noticed the MessageID
contained my own domain. Since the originating MTA is responsible for
generating the MessageID, and since the message came from the outside, I
added the following in sub filter() of my mimedefang-filter last night.
Over night, it caught about 20 messages.
if ($MessageID =~ /[EMAIL PROTECTED]>$/i && !Exclude_FromInternal() &&
!Exclude_FromDmz()) {
md_syslog 'info', "bogus_MessageID: Originating MTA claims to be
us in MessageID $MessageID.";
return ('REJECT', 'Originating MTA can not claim to be us in
MessageID.');
}
1. Are you sure it actually came in with that Message-ID? Sendmail
adds one if there is not one present and the added one will of course
have your host's name in it. I forget whether it has been added
already at milter stage.
2. If a host generated Message-IDs with the name of the recipient
domain in them, does that violate any standard? I agree that it
looks spammy, and SpamAssassin scores for this, but I am not sure
mail should be rejected as a general rule.
3. Some client software does not create Message-ID and relies on the
smtp server to generate it. This includes both PC mail clients and
also some PC products that generate mail from databases. A host that
acts as smtp server needs to recognize any such permitted use-- perhaps
by IP address or by detecting use of smtp auth.
Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang