All, Thanks for the input on this so far. To clarify, [EMAIL PROTECTED] is exactly right in stating that I'm trying to stop the spoofing of my domain as the sender to my own domain (e.g. helpdesk@xyz to johnSmith@xyz where helpdesk is the spoofed sender). This is not an open relay server and the spam is not (as far as I can tell) as a result of any viruses guessing at accounts.
The primary concern is with stopping mail with my domain as the sender and my domain as the recipient if the sender IP is not within networks which I control. I don't want to give any "crackers" monitoring this mailing list any ideas (most likely they've thought of this already) but this makes the probability of someone opening up an email and executing an attachment much greater. In some testing me and some other guys did, it was trivial to send an email from an outside address with the sender spoofed to look like an internal, trusted source (the spoofing is very easy but knowledge of the internal account naming convention, etc. was a little bit more difficult to match). This would make it much easier for me to send an email from [EMAIL PROTECTED] requesting that [EMAIL PROTECTED] execute the attached file. Sure he might know not to execute attachments from other untrusted domains but would he not open this from his "own" helpdesk? The amount of knowledge to execute this attack would be somewhat trivial to obtain - simple Google searches would most likely return the email addresses for a targeted company. A very large % of typical users would never think to check SMTP headers - they likely don't even know what those are. I'm not sure that this problem can be resolved within sendmail config files but if anyone knows differently, please let me know.

Thanks again,
Jim

> I think the original sender and several of the respondents may be
> confusing 'spam with forged headers' with 'open relaying.'
>
> The original question was not about his relay being hijacked to send
> spam, it was about mail coming IN to his company xyz.com for [EMAIL PROTECTED]
> purporting to be from another sender at xyz.com when it really came from
> somewhere else. That's NOT open relaying, that's forging headers and
> there's not much you can do about it without breaking things (What if
> [EMAIL PROTECTED] wants to use her xyz.com return address when she's sending
> mail from home to [EMAIL PROTECTED] via her local ISP dialup -- Why would you
> want to block that?) What's the difference if incoming spam has one
> forged address or another anyway? It's still spam!
>
> 'Switching to Postfix', using a 'content security gateway,' or 'TLS' are
> not going to solve this problem (forging of email headers).
>
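The policy Jim describes (reject mail whose envelope sender and recipient are both in the local domain when the connecting IP is outside the networks he controls), with an exemption for the roaming-user case raised in the reply, written out as an added Python example; this is not code from the thread or from sendmail, and the domain, network ranges and the `authenticated` flag are constructed assumptions.

```python
import ipaddress

# Constructed values for the example; a real deployment substitutes its own
# domain and the address ranges of the mail servers and clients it controls.
OWN_DOMAIN = "xyz.example"
TRUSTED_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def domain_of(address):
    """Lower-cased domain of an envelope address ('' for the null sender or no '@')."""
    addr = address.strip().strip("<>")
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def is_trusted_source(client_ip, trusted_networks=TRUSTED_NETWORKS):
    """True when the connecting IP lies inside one of the controlled networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in trusted_networks)


def decide(mail_from, rcpt_to, client_ip, authenticated=False,
           own_domain=OWN_DOMAIN, trusted_networks=TRUSTED_NETWORKS):
    """Envelope-stage verdict as (action, reason).

    Only internal-to-internal mail is subject to the rule; everything else is
    left to the normal anti-spam path.  'authenticated' models the roaming
    user from the reply who submits through SMTP AUTH from an ISP address and
    must not be blocked.  Note this inspects the envelope MAIL FROM; the
    header From: the user actually sees would need the same test applied at
    content-filter time.
    """
    if domain_of(mail_from) != own_domain or domain_of(rcpt_to) != own_domain:
        return ("ACCEPT", "not internal-to-internal")
    if authenticated:
        return ("ACCEPT", "authenticated submission")
    if is_trusted_source(client_ip, trusted_networks):
        return ("ACCEPT", "trusted network")
    return ("REJECT", "local sender domain from untrusted network")


if __name__ == "__main__":
    # Constructed cases: spoofed helpdesk from outside, same pair from inside.
    print(decide("helpdesk@xyz.example", "johnsmith@xyz.example", "203.0.113.5"))
    print(decide("helpdesk@xyz.example", "johnsmith@xyz.example", "192.0.2.10"))
```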
