On Tue, 28 Nov 2006, Steven W. Orr wrote:

> =>First off, what exactly do you mean by "does not exist"? The domain
> =>is not registered? Or the username is not valid within the domain?
> 
> Sorry, I was afraid this might not be clear. I want to find a way
> to reject/tag all messages that come From the syslang.net domain
> (I am that domain) which are From a user which does not exist. I'm
> not talking about messages coming in that have a From address that
> is not syslang.net.

Ah.

I don't know if there's a way to do that in sendmail. I do filtering
something like that, but I use milter-regex. I'll describe what I do:

I have one public MTA for my domain. Mail from: an address in my
domain will only ever originate from that MTA, and will only be fed in
from the private side, so I reject *anything* claiming to be from my
domain that is coming into the public side.

My server is hosted, and all my outbound mail gets to it via an SSH
tunnel, so the client IP will always be 127.0.0.1 - if you are getting
messages from a local network, this should still work. If you accept
outbound mail from roaming users (e.g. via SMTP AUTH), my
solution may not work for you.

Here's what I have at the top of my milter-regex file:

 accept

   # use your private-side network range here
   connect // /^127\.*/

 reject "Malformed HELO (not a fully-qualified host name, there is no dot)"

   helo /\./n

 reject "Please use your real hostname in your HELO - private networks not valid"

   # 172.16.0.0/12 covers 172.16 through 172.31 only
   helo /^\[?10\./e
   helo /^\[?192\.168\./e
   helo /^\[?172\.(1[6-9]|2[0-9]|3[01])\./e

 reject "Please use your real hostname in your HELO - you are not me"

   helo /impsec\.org/i
   helo /^localhost(\.localdomain)?$/ie

 reject "Sender forgery - you are not me"

   envfrom                 /@impsec\.org/i
   envfrom                 /@ga\.impsec\.org/i
   envfrom                 /@www\.impsec\.org/i
   envfrom                 /@mail\.impsec\.org/i

   header /From/i          /[EMAIL PROTECTED]/i
   header /From/i          /[EMAIL PROTECTED]/i

   header /From/i          /[EMAIL PROTECTED]/i
   header /From/i          /[EMAIL PROTECTED]/i


This works well for me, except in the cases where somebody else's MTA
accepts a message forged as being from and to my domain, can't deliver
the forged message to me, and delivers the sender's bounce. :(

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174     pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  "Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
  does quite what I want. I wish Christopher Robin was here."
                                           -- Peter da Silva in a.s.r
-----------------------------------------------------------------------
 27 days until Christmas
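
The rule order from the message above, modelled in Python as an added example (not part of the original post and not milter-regex's own code). It assumes the first matching rule decides, that "connect" holds only the client IP, and uses example.org as a placeholder domain; the constructed sessions include the bounce case described at the end of the message, which passes every check.

```python
import re

MY_DOMAIN = r"example\.org"  # placeholder for the protected domain (assumption)

# (action, reason, field, regex, negate) in file order; the first hit decides (assumption).
RULES = [
    ("accept", "private side", "connect", r"^127\.", False),
    ("reject", "HELO has no dot", "helo", r"\.", True),  # like the /n flag
    ("reject", "HELO is a private address", "helo",
     r"^\[?(10|192\.168|172\.(1[6-9]|2[0-9]|3[01]))\.", False),
    ("reject", "HELO claims to be me", "helo",
     MY_DOMAIN + r"|^localhost(\.localdomain)?$", False),
    ("reject", "envelope sender forgery", "envfrom", "@" + MY_DOMAIN, False),
    ("reject", "header From forgery", "from", "@" + MY_DOMAIN, False),
]

def evaluate(session):
    """Return (action, reason) for one SMTP session dict; default is accept."""
    for action, reason, field, regex, negate in RULES:
        hit = re.search(regex, session.get(field, ""), re.I) is not None
        if hit != negate:
            return action, reason
    return "accept", "no rule matched"

# Constructed sessions (documentation addresses, not real traffic).
SESSIONS = {
    "tunnel": {"connect": "127.0.0.1", "helo": "laptop",
               "envfrom": "<me@example.org>", "from": "me@example.org"},
    "forged_env": {"connect": "203.0.113.9", "helo": "mail.sender.example",
                   "envfrom": "<ceo@example.org>", "from": "ceo@example.org"},
    "forged_hdr": {"connect": "203.0.113.9", "helo": "mail.sender.example",
                   "envfrom": "<x@sender.example>", "from": "Boss <boss@example.org>"},
    "private_helo": {"connect": "203.0.113.9", "helo": "[192.168.1.5]",
                     "envfrom": "<x@sender.example>", "from": "x@sender.example"},
    # Bounce of a forgery that another MTA accepted: null sender, foreign From.
    "backscatter": {"connect": "198.51.100.7", "helo": "mx.other.example",
                    "envfrom": "<>", "from": "MAILER-DAEMON@mx.other.example"},
}

if __name__ == "__main__":
    for name, session in SESSIONS.items():
        print(name, evaluate(session))
```

The "backscatter" session is accepted because a bounce carries the null envelope sender and a From header in the bouncing MTA's own domain, so none of the sender-forgery patterns can see it.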
