I've only been using sendmail for a few months and have hit a
problem. I've had a lot of SPAM coming into my network with mydomain
in the mail from:<>.
I put a statement into access db to silently discard the mail. This
has helped but now there are a few parts of the company that have
legitimate reasons to spoof the address.
1) We are getting space on a colo network and don't outright own
address blocks there - I'd like the mail from:<> from these colo sites
to be 'mydomain.com' so they can send to internal mail aliases on a
mailman listserv.
2) HR has outsourced some function to a 3rd party who is now sending
emails internally to us, again with 'mydomain.com' in the mail from.
Can I set a rule in the access db to allow some domains to spoof?
I basically want to say something like "if from thatcolo.com or
thathrsite.com then allow spoof else reject spoofing of mydomain.com".
Does this require writing rule sets?
P.S. Neither of these sites will be able to run DKIM or SPF (these
systems are out of my control and run by other sysadmin teams and, in
case 2, by another company).
I think that your best solution is to write a custom ruleset that
checks for your domain, a null sender, and the interface IP address
(which should be loopback [127.0.0.1] or [::1] or NULL). Otherwise,
the mail is coming from outside and is therefore forged.
If you have such mail originating at another server with permission,
then you probably need to check the incoming client's IP address too.
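
The decision the reply describes (envelope sender in your own domain, accepted only from loopback or an approved client IP), modeled in Python as an added example; it is not from the thread and is not sendmail ruleset syntax. The relay ranges are constructed documentation addresses, and treating subdomains as protected and passing the null sender through to other checks are assumptions.

```python
import ipaddress

PROTECTED_DOMAIN = "mydomain.com"  # placeholder domain used in the thread

# Constructed allowlist: the thread gives no addresses, so documentation
# ranges stand in for the colo hosts and the HR vendor's relay.
TRUSTED_RELAYS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128",   # loopback (local submission)
    "192.0.2.0/28",             # assumed colo address block
    "198.51.100.25/32",         # assumed HR vendor relay
)]

def sender_domain(mail_from):
    """Lower-cased domain of the envelope sender; '' for the null sender <>."""
    addr = mail_from.strip().strip("<>").strip()
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].rstrip(".").lower()

def is_protected(domain):
    # Assumption: subdomains of the protected domain are protected too.
    return domain == PROTECTED_DOMAIN or domain.endswith("." + PROTECTED_DOMAIN)

def check_mail(mail_from, client_addr):
    """Return 'OK' or 'REJECT' for one MAIL FROM seen from client_addr."""
    if not is_protected(sender_domain(mail_from)):
        return "OK"          # not our domain: left to other checks
    if not client_addr:
        return "OK"          # no client address: submitted locally
    try:
        ip = ipaddress.ip_address(client_addr.strip("[]"))
    except ValueError:
        return "REJECT"      # unparseable address: fail closed
    # An IPv4 client seen on a dual-stack socket arrives as ::ffff:a.b.c.d
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    return "OK" if any(ip in net for net in TRUSTED_RELAYS) else "REJECT"

if __name__ == "__main__":
    for frm, ip in [("<hr@mydomain.com>", "198.51.100.25"),
                    ("<ceo@mydomain.com>", "203.0.113.7"),
                    ("<someone@example.org>", "203.0.113.7")]:
        print(frm, ip, check_mail(frm, ip))
```

An IP allowlist like this is only as trustworthy as the listed ranges: any host inside an approved block can use the protected domain.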