04-05-2007 03:29 PM
I am trying to create a antispoofing rule using message filter feature.
It is like
if ( header("from") == "@*mydomain\\.com$" ) { apply anti-spoofing rules here; }
But the rough part is to be able to whitelist certain hosts, e.g., our partners.
For example:
AND ( header("Received") != "whitelist1|whitelist2...." )
Is there a better way to do this? My concern is that this will get very long and error prone over time.
Thanks,
Jack
04-05-2007 04:16 PM
I think the question is "what are you trying to achieve?"
04-05-2007 06:58 PM
What if you add all your partner ip addresses/domains to a sendergroup called 'partner_whitelist'.
Next, you can modify your existing filter to bypass spoofing checks from partner domains:
if (( header("from") == "@*mydomain\\.com$" ) AND (sendergroup != 'partner_whitelist'))
{ apply anti-spoofing rules here; }
04-06-2007 03:17 PM
I would also have a look at Knowledge Base Article 115. this describes some of the risks and gives a short explanation. You will find a short filter, too.
Dirk
04-09-2007 08:51 PM
I forget to mention these boxes are not internet facing. Has anyone tried to use the dictionary?
04-10-2007 07:33 PM
Dictionary matching should work as well.
This following example matches an email address in the “to” header and blind copies an administrator:
headerTest:
if (header-dictionary-match ('
bcc('administrator@example.com');
}
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide