Great Circle Associates List-Managers
(September 1996)
 


Subject: Re: Help with Forgeries
From: Brad Knowles <brad @ his . com>
Date: Sun, 8 Sep 1996 01:31:32 -0400
To: Jody Boyd <tcs @ earthlink . net>, list-managers @ GreatCircle . COM
In-reply-to: <3 . 0b11 . 32 . 19960901204844 . 006abf80 @ earthlink . net>

At 8:49 PM -0400 9/1/1996, Jody Boyd wrote:
>We're getting attacked by someone that is forging their e-mail name to be
>those that are valid for the list. We're pretty sure we know who it is and I
>have tweaked SendMail to not allow messages from his domain. HOWEVER, this
>is based on a FROM: filter.
>
>I know it's been asked many times before, but if anyone has suggestions on
>how to block e-mail based on the domain listed in the MSGID or path or with
>sendmail, please let me know.

	I know of no tools that let you refuse connections based on parts
of the "body" of the message (including most of what you and I
consider to be the headers) while the SMTP connection is open.

	In the case of sendmail, it doesn't even begin to examine the
headers of the message until after it has accepted it from the other
end, so you couldn't "refuse" the message even if you wanted to.  You
could try to use something like procmail (or whatever) to /dev/null
or bounce messages with certain header information, but that's a
different issue.


	I've argued with Ned Freed (author or co-author of 14 Internet
email RFCs, and someone you could consider to have literally written
the book on the subject) that tools of this sort are necessary, but I
haven't convinced him.  I have convinced some of his co-workers at
Innosoft (makers of PMDF, the software the White House uses to
process their Internet email) that the tools that PMDF has already
are virtually useless, and there's not really much sense in trying to
use them to block incoming email.

--
Brad Knowles,                                  MIME/PGP: brad @ his . com
    comp.mail.sendmail FAQ Maintainer     <http://www.his.com/~brad/>
        finger brad @ his . com for my PGP Public Keys and Geek Code
The comp.mail.sendmail FAQ is at <http://www.his.com/~brad/sendmail/>
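
Added example (not part of the original message and not written by its author): a minimal post-acceptance filter of the kind the reply says procmail could be used for, deciding on the hosts named in Message-ID and Received rather than on From:. The blocklist, the domain names and the sample message are constructed placeholders.

```python
import email
import re
from email import policy

# Hypothetical blocklist; example.invalid is a placeholder domain.
BLOCKED_DOMAINS = {"example.invalid"}

# Constructed sample: From: claims a list member, while Message-ID and the
# Received line name a different origin.
SAMPLE = """\
Received: from mail.example.invalid (mail.example.invalid [192.0.2.10])
\tby lists.example.org; Sun, 1 Sep 1996 20:40:00 -0400
Message-ID: <199609020040.abc123@dialup7.example.invalid>
From: member@example.org
To: list@example.org
Subject: forged post

body
"""

def _blocked(host):
    """True if host equals, or is a subdomain of, a blocked domain."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)

def header_hosts(raw):
    """Collect host names from Message-ID and from Received from/by clauses."""
    msg = email.message_from_string(raw, policy=policy.compat32)
    hosts = []
    for mid in msg.get_all("Message-ID", []):
        m = re.search(r"@([^>\s]+)>", mid)
        if m:
            hosts.append(("Message-ID", m.group(1)))
    for rcvd in msg.get_all("Received", []):
        for m in re.finditer(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", rcvd):
            hosts.append(("Received", m.group(1)))
    return hosts

def verdict(raw):
    """Return ('discard', reason) or ('deliver', None); From: is never read."""
    for field, host in header_hosts(raw):
        if _blocked(host):
            return "discard", f"{field} host {host}"
    return "deliver", None

if __name__ == "__main__":
    print(verdict(SAMPLE))
```

Message-ID and any Received lines below the one written by your own host are supplied by the sender, so a match here is a filtering hint, not proof of origin.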



