configuring sendmail to reject spoofed email addresses

Cowles, Steve steve at stevecowles.com
Tue Jul 20 15:03:32 UTC 2004 

Donald Tyler wrote:
> Hi,
> 
> Like everyone else, our junkmail is getting horrendous. Most of the
> emails we receive use an email for the "From" section of the header,
> but it doesn't match the email in the "Return-Path" section.
> 
> My question is this:
> 
> Is there anyway to configure sendmail so that if there is an email
> address in the "From" section, and it does not match the
> "Return-Path" section, for it to reject the email?
> 
> Thanks in advance
> 
> 
> Donald Tyler

Donald,

First, I no longer use sendmail as my MTA, so I can't answer your question
directly. I now use postfix.

Second, if I understand your post correctly, you are wanting to configure
sendmail to test against the "Return-Path" header. According to RFC-822,
this particular header entry is added by the LDA (like procmail), not
sendmail.

Third, So that you can ask your question using terminology that everyone
will understand, look at the following sections of an e-mail... Basically an
e-mail is broken up into envelope, header and body sections.

# telnet mail.mydomain.com 25
220 mail.mydomain.com ESMTP Postfix (2.1.1)  --> Start of envelope
helo mail.remote_mta.com
250 mail.mydomain.com
mail from: <scowles at mydomain.com>            --> envelope from
250 Ok
rcpt to: <scowles at mydomain.com>              --> envelope to
554 <scowles at mydomain.com>: Envelope address rejected, Go Away!
rset                                         --> Lets start over
250 Ok
mail from: <steve_cowles at other.com>          --> envelope from
250 Ok
rcpt to: <scowles at mydomain.com>              --> envelope to
250 Ok
data                            --> End envelope, start header
354 End data with <CR><LF>.<CR><LF> 
From: Steve Cowles <steve_cowles at other.com>   --> Header from
To: Steve Cowles <scowles at mydomain.com>       --> Header to
Subject: This is a test.                      --> Header subject
                           --> Blank line, end header, start body
This is line 1 of body.
This is line 2 of body.
.                          --> End body, submit to defined mailer
250 Ok: queued as ADAF839CA
quit
221 Bye

Note the 554 reject line
  554 <scowles at mydomain.com>: Envelope address rejected, Go Away!

I have postfix configured to reject anyone claiming to be from mydomain.com
when specified as the envelope from address, not the header from. 

Is this possibly what your wanting sendmail to test?

BTW: If I was to test the header from for mydomain.com, then I could no
longer accept e-mail from the redhat list servers. Check the headers of this
e-mail.

Hopefully the above will help you understand exactly what you want to test
and give you some pointers on where to implement this in sendmail. If I
remember right, the /etc/mail/access file tests the envelope from/to
addresses. i.e.

mydomain.com	REJECT

This is basically how I configure postfix, but I also have to allow SMTP
AUTH clients to specify an envelope sender being from mydomain.com.
Fortunately, postfix works on the basis of the "First Test Wins" methodolgy.
So the ordering of my tests is critical.

Steve Cowles

More information about the redhat-list mailing list