From: Chris Pratt
Date: Wed, 27 Aug 2008 12:06:24 -0700
To: FreeBSD-Questions
Cc: Peter Ulrich Kruppa
Subject: Re: Spam sent to me from my own mail server ?
In-Reply-To: <48B57570.9040707@ibctech.ca>
References: <48B566EA.2000406@pukruppa.net> <48B57570.9040707@ibctech.ca>

> Peter Ulrich Kruppa wrote:
>> Hello,
>> for some time now I keep receiving spam mails from my own (small)
>> mail server, some of them with faked usernames some of them even
>> with my own (ulrich@...).
>

Matthew's message beat me to the response but I had typed one. There are some great tools for this and many are in ports. SPF and these do work. Here is what has been sitting in my drafts, it may have some additional value.

...

I don't worry much about what I receive that is forged because I'm reasonably sure that I didn't send it nor were my servers leveraged. I monitor heavily.

On the other hand, I do make certain that others aren't receiving spam thinking it's from my domains. SPF helps with this, information is available on www.openspf.org. This doesn't stop forgery, but it does give a tool to the receiver to verify what email is actually from your domain and email server. It's implemented very easily in your DNS entries. SPF is you telling the world that you authorize your domain to send email only from a specific set of servers (or a specific server). After you implement SPF, after a few weeks, they will generally stop using your domain because it's too frequently rejected by receivers. It becomes less in their interest to forge your domain so they go pick on someone else.

If you DO want to stop people using your domain in sending to YOU, there are several tools to use in conjunction with sendmail to do this. I use MailScanner which is available within ports.
If there are no relays involved in how you receive mail, this works because SpamAssassin (automatically installed with MailScanner) will see if the email you are receiving matched SPF. Yours and everyone else's.

There are good docs on the net for using FreeBSD, sendmail, and MailScanner and its dependencies. If you can't find them, try this: http://bio.fsu.edu/~sysalex/freebsd-mail-server.htm

If you are going to run a mail server, it's good to have spam and virus defenses installed.

There are more direct methods of actually rejecting forged emails within sendmail. You will find a list of these on the SPF site under "implementations". These tools may or may not be in ports. You will have to check on that. They make use of the milter interface within sendmail.

The spf mail list is extremely helpful and professional if you have questions on this. You can join this list on their site.

I'm not pushing their site or this draft standard, it's that SPF has worked pretty well for what it does and its open method of dealing with the problems.