Thank you all for your input. What happens is this: my server is not an open relay, and it has SPF and DomainKeys in it, and that is working great. The problem is when a hacker has obtained the password for an account, so he can send emails authenticating with the account that has been compromised. When a hacker has access to an account (I am almost sure that anyone on the list has seen this), he sends emails but the FROM is changed to something that is not a domain on the server; that is what I am looking to stop.

Maybe a rule that could check that the FROM is not the same as the authenticated domain. Could this be done?

Best Regards,

Sergio

On Wed, Aug 15, 2012 at 11:12 PM, David B Funk <dbf...@engineering.uiowa.edu> wrote:

> On Wed, 15 Aug 2012, Sergio wrote:
>
>> Hello all,
>> wondering if there could be a rule where the email that is delivered from
>> the server could be checked the FROM that the domain exists on the server,
>> Is it possible?
>>
>> What I am looking for is to block any email that is sent from my server that
>> is not using any of the domain accounts that belong to that server.
>>
>> Thank you in advance.
>>
>> Best Regards,
>>
>> Sergio Cabrera
>>
>
> That sort of check is best done at the SMTP-server (MTA) level. How is SA
> to know who are the valid users on your system (including aliases,
> forwards, etc.)?
>
> Your SMTP server must know who your valid recipients are so it can reject
> unknown users and deliver the valid ones. So just apply the same kind of
> check to the From address (IE if domain === us, check to make sure user ==
> ours, else SMTP-REJECT). Details are MTA specific, but most have some kind
> of built in check for doing this sort of thing.
>
> The thing which SA can be used for is to hit forgery spam. IE if the
> 'From' domain is ours, and the sending host isn't one we bless, hit it.
> (If you have valid SPF records this is trivially easy to do).
>
> --
> Dave Funk                                  University of Iowa
> <dbfunk (at) engineering.uiowa.edu>        College of Engineering
> 319/335-5751   FAX: 319/384-0549           1256 Seamans Center
> Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
> #include <std_disclaimer.h>
> Better is not better, 'standard' is better. B{
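
The check discussed in this thread, as an added example that is not part of either message and is not any MTA's own code: it compares the domain of the authenticated login with the envelope sender and with the From header, and rejects on any mismatch. `LOCAL_DOMAINS`, `domain_of`, `check_submission` and the sample messages are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption for this example: the domains hosted on this server.
LOCAL_DOMAINS = {"example.com", "example.org"}

# Constructed sample submissions (not real mail).
GOOD = "From: Alice <alice@example.com>\nTo: bob@example.net\nSubject: hi\n\nHello\n"
# Compromised login, From rewritten; the display name imitates a local address.
FORGED = ('From: "billing@example.com" <support@bank.test>\n'
          "To: victim@example.net\nSubject: invoice\n\nPay now\n")


def domain_of(addr):
    """Lower-cased domain part of an address, or None if it is not user@domain."""
    local, sep, domain = (addr or "").strip().rpartition("@")
    return domain.rstrip(".").lower() if sep and local and domain else None


def check_submission(sasl_user, mail_from, raw_message, local_domains=LOCAL_DOMAINS):
    """Return (accept, reason) for a message submitted over authenticated SMTP.

    Assumes logins are full addresses (user@domain).
    """
    auth_domain = domain_of(sasl_user)
    if auth_domain not in local_domains:
        return False, "login is not in a hosted domain"
    if domain_of(mail_from) != auth_domain:
        return False, "envelope sender domain differs from login domain"
    from_headers = message_from_string(raw_message).get_all("From", [])
    if len(from_headers) != 1:
        return False, "expected exactly one From header"
    # getaddresses() separates display names from the real addr-spec, so a
    # display name that looks like a local address does not pass the check.
    addresses = getaddresses(from_headers)
    if not addresses:
        return False, "From header has no address"
    for _name, addr in addresses:
        if domain_of(addr) != auth_domain:
            return False, "From header domain differs from login domain"
    return True, "ok"


if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("forged", FORGED)):
        print(label, check_submission("alice@example.com", "alice@example.com", raw))
```

In a real deployment this logic belongs in the MTA's own sender checks or a policy hook it calls at submission time, as the reply above says.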