[unisog] Rejecting incoming mail with from addresses in your own domain.

Jeffrey Altman jaltman at columbia.edu
Tue Jul 22 22:52:11 GMT 2003

Joseph Brennan wrote:

>>  The email had a From: header of DNAuser at auckland.ac.nz.
> Are you sure it didn't come in with a From: header of just
> DNAuser, with your own mail software appending @auckland.ac.nz
> to any unqualified addresses it sees?
> We reject mail with unqualified From headers.  It stops a lot
> of spam.
> We could not reject mail with @columbia.edu in the From.
> Plenty of our users are on ISPs worldwide and put their
> columbia.edu address as the sender.  This battle was lost
> long ago.  We have to accept this even if it is a "lie"
> about what account is sending the mail.
> Joseph Brennan         Columbia University in the City of New York
> Academic Technologies Group                   brennan at columbia.edu 

Many ISPs no longer allow connections to any SMTP server other than 
their own.
Any attempt to connect to port 25 on other hosts is simply blocked.  This is
to prevent hacked/wormed unmanaged machines from being used as sources 
which were resulting in e-mail from whole domains being blocked. 

Even if you could require that all of your users use S/MIME you still 
could not
block unsigned e-mails because many mailing lists will not accept signed 
or strip the signatures while leaving the mail headers in place.  :(

I think you are out of luck on this one.

Jeffrey Altman

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3590 bytes
Desc: S/MIME Cryptographic Signature
Url : http://www.dshield.org/pipermail/unisog/attachments/20030722/29df940c/smime-0003.bin

More information about the unisog mailing list