Block other domains
Hello,
Here is our version (In process of upgrading to 6.2):
iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003)
libimta.so 5.2 HotFix 1.16 (built 12:32:17, May 14 2003)
What we are starting to see in our mail.log_current is users sending e-mail that is not generated from our domain. A better explanation. Say our domain is abc.com. We are seeing users modify their mail clients to say the mail is from xyz.com. Because the mail client is internal, the mail is allowed to be sent.
What we would like to do is to only allow mail sent from abc.com to be sent and all other mail domains to be rejected. This is what we are currently looking at doing:
ORIG_SEND_ACCESS
tcp_*|*@abc.com|*|* $Y
tcp_*|*|*|* $N
tcp_local|*|tcp_local|* $N$D30|Relaying$ not$ allowed
tcp_*|*|native|* $N
tcp_*|*|hold|* $N
tcp_*|*|pipe|* $N
tcp_*|*|ims-ms|* $N
Would this work or is there a better solution?
Thanks in advance,
Doug
Message was edited by:
fords4us
[1113 byte] By [fords4usa] at [2007-11-27 1:39:12]

# 1
There are many ways to address your issue. It is possible that some of your users have a legitimate reason to change return addresses to a different domain . . .
What many sites do is:
1. Force internal users to authenticate.
2. Replace "from" with the authenticated address.
# 2
Hi,
> What we are starting to see in our mail.log_current
> is users sending e-mail that is not generated from
> our domain. A better explanation. Say our domain is
> abc.com. We are seeing users modify their mail
> clients to say the mail is from xyz.com. Because the
> mail client is internal, the mail is allowed to be
> sent.
By internal, I assume you mean defined as internal based on the INTERNAL_IP mapping table?
Also, do you know why users are doing this? If they have a good reason, why stop it?
> What we would like to do is to only allow mail sent
> from abc.com to be sent and all other mail domains to
> be rejected. This is what we are currently looking
> at doing:
>
> ORIG_SEND_ACCESS
>
> tcp_*|*@abc.com|*|* $Y
> tcp_*|*|*|* $N
-> I wouldn't recommend this: the second line is going to block _all_ email that doesn't come from @abc.com, and that includes email from outside your organisation (tcp_local, e.g. from gmail.com) to your local users.
> tcp_local|*|tcp_local|* $N$D30|Relaying$ not$
> allowed
> tcp_*|*|native|* $N
> tcp_*|*|hold|* $N
> tcp_*|*|pipe|* $N
> tcp_*|*|ims-ms|* $N
>
> Would this work or is there a better solution?
I go with what Jay said. If you can enforce SMTP authentication, then you could at least add, for example, a "Sender" header to the email so the recipient knows the 'real' address of the sender.
Force rewriting the From: address is not advised as it will cause customer complaints due to their emails being changed 'big-brother' style.
Forcing authentication gives you the option of finding out exactly who is sending the email using a different address (log the username used to authenticate) and then you send a polite 'please explain' email. I have found this to be personally the most effective path in the past.
Regards,
Shane.
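The effect described in reply # 2 can be checked offline before a table goes live. The following is an added example, not part of the original thread and not Messaging Server code: a simplified first-match model of the posted ORIG_SEND_ACCESS table, run against constructed probes. It assumes `*` matches any run of characters, that entries are scanned top to bottom, and that an unmatched probe is allowed; the helper names, the sample addresses and the `tcp_intranet` source channel are assumptions.

```python
import re

# Table exactly as posted in the thread: (pattern, template), scanned top to bottom.
PROPOSED = [
    ("tcp_*|*@abc.com|*|*", "$Y"),
    ("tcp_*|*|*|*", "$N"),
    ("tcp_local|*|tcp_local|*", "$N$D30|Relaying$ not$ allowed"),
    ("tcp_*|*|native|*", "$N"),
    ("tcp_*|*|hold|*", "$N"),
    ("tcp_*|*|pipe|*", "$N"),
    ("tcp_*|*|ims-ms|*", "$N"),
]

def to_regex(pattern):
    """Simplified model: '*' matches any run of characters, case-insensitively."""
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.compile(body, re.IGNORECASE | re.DOTALL)

def decide(table, src_chan, sender, dst_chan, rcpt):
    """Return (entry number, accepted) for the first entry matching the probe."""
    probe = "|".join((src_chan, sender, dst_chan, rcpt))
    for number, (pattern, template) in enumerate(table, 1):
        if to_regex(pattern).fullmatch(probe):
            return number, template.startswith("$Y")
    return 0, True  # assumption: a probe that matches no entry is allowed

def shadowed(table):
    """List (entry, covering earlier entry) pairs for entries that can never fire."""
    found = []
    for later, (pattern, _) in enumerate(table, 1):
        for earlier, (prior, _) in enumerate(table[:later - 1], 1):
            # Sound for '*'-only patterns: the earlier entry matches the later one read literally.
            if to_regex(prior).fullmatch(pattern):
                found.append((later, earlier))
                break
    return found

# Constructed probes: source channel, envelope From, destination channel, recipient.
PROBES = [
    ("internal, own domain", ("tcp_intranet", "alice@abc.com", "tcp_local", "bob@example.org")),
    ("internal, other domain", ("tcp_intranet", "alice@xyz.com", "tcp_local", "bob@example.org")),
    ("inbound to local user", ("tcp_local", "carol@gmail.com", "ims-ms", "alice@abc.com")),
]

if __name__ == "__main__":
    for label, probe in PROBES:
        number, accepted = decide(PROPOSED, *probe)
        print(f"{label}: entry {number} -> {'accept' if accepted else 'reject'}")
    print("never reached:", shadowed(PROPOSED))
```

In this model the third probe, ordinary inbound mail to a local user, is rejected by entry 2, and entries 3 to 7 (including the relay message text) are never reached.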