On Fri, 31 Oct 2003 16:11:24 +0100 Erik Dörnbach <doernbach@elge.de> wrote: > ...there are some guys using our server against us, > by simply opening an smtp connection to us, pretending to be > "someone@aaa.com" and sending mail to "someoneelse@aaa.com" - sendmail > doesn't see this as a relay or abuse by default. Well, it's not a relay, period. Your receiving mail for your domain, not passing mail from one MTA to a different one. > How can I make sure the only hosts allowed to send in the name of > "aaa.com" belong to a certain network/IP range? Guess I missed out a > feature or something? Not as far as I'm aware. That's just SMTP - MTA's don't have any way of verifying a from address. You could, if you're sufficiently motivated, probably set up something with Milter that would drop messages from aaa.com that don't belong to a certain IP range. But I don't really see the point. Someone could still spoof the aaa.com from address on other MTA's, or could just connect to yours and spoof a from address from some other domain. AFAIK, the only point of doing what these guys are doing is getting past a spam filter that whitelists aaa.com. Also, see the link below as to why this is not a good idea. > Also how can I avoid having mail with empty > sender addresses entering the queue? You don't. See the following for answers to that, as well as some of what you asked above: http://www.sendmail.org/~ca/email/ube-questions.html -- Todd Pytel ---------------------------------------- Signature attached PGP Key ID 77B1C00C
Attachment:
pgpO0yjULyqLn.pgp
Description: PGP signature