[OT] spam and sendmail configuration

[Sarah Reichelt]

On Mon, Jan 12, 2009 at 7:56 AM, viktoras d. <viktoras at ekoinf.net> wrote:
> Sorry, this is quite OT, just I am desperately seeking an advice. Could
> anyone please suggest a good resource on sendmail access file configuration
> with exhaustive samples on fighting spammers (I googled, found something,
> still looking for the "best" one). A few days ago I started receiving lots
> of  spam with forged FROM address as if it was sent from my own domain,
> which I think should be impossible because my sendmail is configured to NOT
> relay anything, and I am using ISP's mailing server to send my mails which
> is secure, password protected, and so on... Tested my domain with
> http://verify.abuse.net/cgi-bin/relaytest, it says all tests performed, no
> relays accepted. Still I was receiving spam from "myself" and other "domain
> users" each time with different name... Yesterday configured sendmail's
> access list to reject any of those "alien names", and they stopped appearing
> in my inbox, but today I received twice as much spam from other sources and
> also from "myself". So, I would appreciate any good advice on how to best
> deal with this problem at the mail server (on Linux) level.
>
> Is it possible to define more complex rules in the sendmail's access file ?
> I know about blackhole service, just looking for other options.


I don't think this mail really is coming from your server, it's just
the FROM address is being spoofed from another server. If you look at
the raw source of one of these emails, you should be able to confirm
that. In this case, there is nothing you can do on your sendmail setup
to stop it. My web host service which also handles all the emails
addressed to my domain, offers SPF which seemed to reduce this problem
when I activated it. As far as I can tell, it doesn't stop any
legitimate emails, so that might be worth checking out.

Cheers,
Sarah