Block on Relay Data?




Postby administrator » Fri, 16 Apr 2004 08:29:02 GMT

I have observed that most virus mail (99% plus) is sent directly from the 
infected machine to the recipient mail server using SMTP server software 
built into the virus. If a Sendmail server is only supposed to receive mail 
that is forwarded from another server, would I be correct in assuming the first 
packet after the DATA statement should always start with "Received: from", and 
that anything else would be virus or "unauthorized" traffic?

There does not appear to be any specific order with the rest of the header 
information, but the relay info at the top always appears to start this way. 
Just as with Spam, the engine could add false relay information, but such does 
not appear to be the case at the present time, and I want to use this to block the 
current crop of nasties.

Any comments?

J.A. Coutts

Re: Block on Relay Data?

Postby Andrzej Adam Filip » Mon, 19 Apr 2004 20:34:35 GMT

1) There are many MTAs on the net, some are "broken" in incredible ways 
=> expect some false positives (very small number for most sites).

2) Your suggestion would be easy to implement in a milter
(e.g. mimedefang).

3) It will be very easy for viral worms to add a Received: header and pass 
the check.

Andrzej [en:Andrew] Adam Filip  XXXX@XXXXX.COM   XXXX@XXXXX.COM 
 http://www.**--****.com/ ://
*Random Epigram* :
We tried to close Ohio's borders and ran into a Constitutional problem.
There's a provision in the Constitution that says you can't close your
borders to interstate commerce, and garbage is a form of interstate commerce.
	-- Ohio Lt. Governor Paul Leonard
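
The check proposed in the first post, together with the two caveats from the reply, as an added example that is not part of either post. It is plain Python rather than a milter, and the function names, hostnames, addresses and sample messages are all constructed for illustration.

```python
# Added example; hostnames, addresses and messages below are constructed.

def first_header(raw: bytes):
    """Return (name, value) of the first header after DATA, or None."""
    lines = raw.replace(b"\r\n", b"\n").split(b"\n")
    if b":" not in lines[0] or lines[0][:1] in (b" ", b"\t"):
        return None                      # payload does not start with a header
    name, _, value = lines[0].partition(b":")
    parts = [value.strip()]
    for line in lines[1:]:
        if line[:1] not in (b" ", b"\t"):
            break
        parts.append(line.strip())       # folded continuation line
    return (name.decode("ascii", "replace").strip(),
            b" ".join(parts).decode("ascii", "replace"))

def starts_with_received_from(raw: bytes) -> bool:
    """The proposed rule: the first header must be 'Received: from ...'."""
    hdr = first_header(raw)
    return (hdr is not None and hdr[0].lower() == "received"
            and hdr[1].lower().startswith("from "))

TAIL = b"From: a@example.org\r\nTo: b@example.net\r\nSubject: hi\r\n\r\nbody\r\n"
SAMPLES = {
    # Mail handed over by an upstream relay: the case the rule expects.
    "relayed": b"Received: from mail.example.org (mail.example.org [192.0.2.10])\r\n"
               b"\tby mx.example.net; Fri, 16 Apr 2004 08:00:00 GMT\r\n" + TAIL,
    # Sent straight to the MX with no relay header: the case the rule targets.
    "direct": TAIL,
    # Reply point 3: the header is sender-controlled text, so a made-up one passes.
    "forged_received": b"Received: from made-up.example (made-up.example [198.51.100.7])\r\n"
                       b"\tby nowhere.example; Fri, 16 Apr 2004 08:00:00 GMT\r\n" + TAIL,
    # Reply point 1: a genuine relay that writes another header first is rejected.
    "odd_header_order": b"Return-Path: <a@example.org>\r\n"
                        b"Received: from mail.example.org (mail.example.org [192.0.2.10])\r\n"
                        b"\tby mx.example.net; Fri, 16 Apr 2004 08:00:00 GMT\r\n" + TAIL,
}

def evaluate(samples=SAMPLES):
    """Map each sample label to the verdict the rule would give."""
    return {label: "accept" if starts_with_received_from(msg) else "reject"
            for label, msg in samples.items()}

if __name__ == "__main__":
    for label, verdict in evaluate().items():
        print(f"{label:18} {verdict}")
```
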
