Re: Blocking forged mail from my domain

From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: 01/29/04
Date: Thu, 29 Jan 2004 08:03:16 -0500

[ I'm cross-posting over to comp.os.linux.security, since this is for a
Linux box and someone over there may have a hint about this. Followups are
re-directed to comp.mail.sendmail.]

"John Coutts" <administrator@spam.yellowhead.com> wrote in message
news:101flbfq9lujb55@corp.supernews.com...
> In article <iIydndwo5_W6K4rdRVn-vA@comcast.com>, nkadel@comcast.net
> says...
> >
> >What I'd really like to do is configure sendmail to detect if email
> >allegedly from "mydomain.com" is really from the IP space allocated for
> >my domain, and if it's not dump it on the floor. In theory, I can do this
> >with the new "SPF" tools at spf.pobox.com, but actually integrating it into
> >sendmail is not well-documented. I do have DNS control over the domain in
> >question: has anyone actually integrated this into sendmail in the field?
> >Or does anyone else have some clever "sendmail.mc" or "sendmail.cf" settings
> >to correctly dump incoming mail for "mydomain.com" if it is not from my
> >designated IP address range?
> >
> **************** REPLY SEPARATOR ****************
> Stage 2 implementation of SPF has some problems that many people do not
> care for (forced use of SASL & problems with mail forwarding). However,
> stage 1 implementation has a fair bit of potential by way of using it to
> flag potential spam.

Any email not from my specified address range that has my domain as the
From: address is spam. Period, end of sentence. I really need to implement
this because the spammers are using the faked "From: spammer@mydomain.com"
to help whitelist their email "To: sucker@mydomain.com". This problem is not
going away.

> I have designed my own Black List server with both dynamic and static
> block lists. Rather than using the access.db to block entire "C" class
> domains, it is far more efficient to build it into the Black List server
> and use full masking to block less than "C" class domains. Pretty well all
> blocking in our system is now handled by our Black List server, off
> loading that task from the mail server. Unfortunately, the mail server
> still has to handle the actual connections.

Which is, unfortunately, fairly useless to me. The blacklists are useful but
are fairly easy to evade with all the available open proxies and
zombie-infected SMTP gateways the spammers have been planting on
unsuspecting people's home machines. This is a very specific step that will
give a 20% or better improvement in the remaining spam that is getting
through.

> If SPF gets widely implemented (stage 1), I will be able to block very
> broad IP ranges while using a White List to except legitimate mail servers
> that have properly formatted SPF records. It is not as good as having all
> MX servers registered similar to DNS servers, but it is workable.
>
> J.A. Coutts
> Systems Engineer
> MantaNet/TravPro

Stage 1 is completely useless until and unless you can *ACTUALLY GET IT INTO
YOUR MTA*, which is what I was looking for help with. Unless someone out
there has actually gotten it working with the more common MTAs, it's
vaporware, which is not what I expected from Eric Raymond's talk at MIT a
few weeks ago. (I was there.)

Why do I get the feeling I'm going to have to write the checklist for
getting it implemented in sendmail, which looks something like this:

    1: Recompile sendmail with the appropriate flags in site.conf to enable
       the "milter" feature.
    2: Dodge and weave your way through all the published perl modules to
       compile the "Sendmail::Milter" module. This actually requires having
       the sendmail source laid out and given as a variable to the Makefile
       generation.
    3: Grab the Sendmail::Milter::SPF widget from spf.pobox.com.
    4: Then a miracle occurs....

Step 4 is still a bit fuzzy, there. Hasn't anyone else gone through this?
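The decision the post is asking the MTA to make, written out as an added example that is not part of the original post and not the spf.pobox.com code: the SPF record, the domain name and the function names are constructed for illustration, a real deployment would fetch the TXT record from DNS and call `milter_verdict` from the milter's MAIL FROM callback, and only the ip4/ip6 and "all" mechanisms of the draft are handled.

```python
import ipaddress

# Constructed sample SPF record for the protected domain (not a real record).
# Only ip4:/ip6: mechanisms and the trailing -all/~all/?all/+all are handled.
SAMPLE_SPF = {
    "mydomain.com": "v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 -all",
}


def parse_spf(record):
    """Return (allowed networks, verdict for everything else) from a v=spf1 record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    nets, default = [], "neutral"
    for term in terms[1:]:
        if term.startswith(("ip4:", "ip6:")):
            # strict=False lets a record carry host bits in the CIDR, as real ones do
            nets.append(ipaddress.ip_network(term[4:], strict=False))
        elif term == "-all":
            default = "fail"
        elif term == "~all":
            default = "softfail"
        elif term == "+all":
            default = "pass"
        elif term == "?all":
            default = "neutral"
    return nets, default


def check_sender(client_ip, mail_from, records=SAMPLE_SPF):
    """SPF result for the connecting IP against the envelope MAIL FROM domain.
    Note: this is the envelope sender, not the header From: line, and a
    forwarder re-sending from its own IP will fail it (the forwarding problem)."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain)
    if record is None:
        return "none"               # domain publishes no SPF record
    nets, default = parse_spf(record)
    ip = ipaddress.ip_address(client_ip)
    # 'in' across address families is simply False, so ip4/ip6 mix safely
    return "pass" if any(ip in net for net in nets) else default


def milter_verdict(client_ip, mail_from, protected="mydomain.com"):
    """What a milter would return: reject only mail forging our own domain."""
    domain = mail_from.rsplit("@", 1)[-1].lower()
    if domain != protected:
        return "accept"             # other domains are not this check's job
    return "reject" if check_sender(client_ip, mail_from) == "fail" else "accept"
```

A mail from the designated range passes; one claiming the protected domain from any other address gets a hard "fail" and is rejected, while softfail and missing records are accepted and left for scoring.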
