Simple Anti-Spam Request
Idea shared by Michael Muller - August 23, 2016 at 6:32 AM
Proposed

Recently there has been a spate of spam coming in to my server using local domains in the from. For instance, a customer of mine, (ie; localhardwarestore.com) is receiving several dozen emails From: accounting@localhardwarestore.com -- an email address that does not exist. I have the same problem on one of my own domains. Dozens per day. Especially of the "Your invoice" variety containing bad, bad attachments.

Can SM be modified to recognize local domains and do a check to see if the From: account exists, and if not, treat it as spam? Seems pretty simple.

All email servers should work like this, but of course that would be a massive performance hit.

---
Montague WebWorks
Powered by RocketFusion

4 Replies

Reply to Thread
2
Michael, this issue is very common and comes up all the time:
 
Look at the first thread above, and see Joe Wolf's reply. That should fix your problem.
 
The issue is the SmarterMail configuration is not simple.  The setting Joe referenced is hard to find, difficult to understand, and IMO should be eliminated. Instead, this existing check box at the domain level should require SMTP Auth for all users. Period.
Eliminating the local deliveries check box will make SM easier to set up and more hardened against spammers.
0
The emails coming in aren't originating on my server. They're coming in from the outside as every spam email does, yet the domain in the From: for these particular emails is a local domain. I have the SPF for every domain I host set to -all, which should stop them (since the emails obviously didn't originate on my server) but they're still getting through.

I'll check the links you provided to see if that helps.
---
Montague WebWorks
Powered by RocketFusion
0
Ok, the first one led me where I think I need to be:

Settings > Protocol Settings > SMTP In > check "Enable domain's SMTP auth setting for local deliveries" box.

I also saw this setting on that page: Require Auth Match. Possible values are None, Email Address, Domain. I found this in the help docs...

"Select this to force a user's From: address to match their SMTP authenticated address, either by matching the entire email address or by matching just the domain - or not requiring it at all. This setting helps keep senders from spoofing email addresses through email clients."

... although, now that I re-read it, it sounds like it's checking MY users behavior to make sure the From in their outgoing emails matches a real account on my server.

What I'd love is a setting that does this against the outside server's domain accounts, ie; an incoming email from stupidname@hotmail.com is checked against hotmail's server to ensure the address actually exists. This is certainly fraught with issues, I know, but it's a good way to nail down who's sending what.

I'll reply back here again to let you know if the "Enable domain's SMTP auth setting for local deliveries" setting did the trick.
---
Montague WebWorks
Powered by RocketFusion
0
The SMTP IN antispam settings page in my antispam document will probably help you figure this out further.
 
 
 
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread