Re: 3 suggested rules regarding forged local ad

[ha...@t-online.de]

> (We use SA (currently 2.64) called from procmail-delivered sendmail on
> Solaris systems.  We get something over 100K msgs/day.  Most of our mail
> is addressed using @ our local domain.)
>
> Three suggested rules:
>    1)  Detect mail allegedly from a local address that is invalid
> (should get a high score)
>    2)  Detect mail that has multiple invalid local addresses in the To:
> and CC: fields  (should get a medium score for 2 or more)
>    3)  Detect mail for which the From:, To:, and CC: fields contain
> known or unknown display-names corresponding to local addresses.
>

Hi,

we are not an open relay, so our outside users (those that use outlook etc. to send mail
with an @domain address through this server) are required to either fetch mail from the same ip,
or authenticate. Consequently these clients are set up to always authenticate, for both local
and remote recipients
So I have just changed the MTA to refuse unauthenticated mails from local senders,
with possible execptions for known IPs or IPs on the locat net

Unlike SA based approach, these messages do not cost bandwidth in the first place

Wolfgang Hamann