spf-discuss

Re: SPF-compliant phishing?

2004-09-19 18:58:33
On Sat, 18 Sep 2004, Alan Batie wrote:

On Fri, Sep 17, 2004 at 11:49:24AM -0400, Scott Kitterman wrote:
Yes.  Absolutely.  Problem is, how many commercial SMTP operators do that
today?  Answer near as I can tell is almost none.  More and more are doing
the authentication, but allowing clients to use non-local addresses, but
only ones that belong to them seems to be very rare.

As far as I know, the software doesn't support it.  Point me at instructions
for getting sendmail and/or postfix to do that and I will.  Granted, I'm
small potatoes, but I'll bet that's the case for a lot of others too.

For sendmail, use a milter.  At envfrom, look up the auth user and mail from domain
in the config database to see whether authorized.  About a dozen lines in Python
milter.  I will code it up for you if you are interested in using Python
milter with sendmail.  Python milter is used by some high volume mail sites.
You would, however, have to plug in a suitable database for the lookup 
if used for high volume.

http://bmsi.com/python/milter.html

Here is an untested quick idea of what's involved.  You'll probably want
to test SPF and other stuff too.

import Milter

def parse_addr(t):
  "Strip <> from a MAIL FROM argument and split it into [user, domain]."
  if t.startswith('<') and t.endswith('>'): t = t[1:-1]
  return t.split('@')

def valid_domain(domain,user):
  "Check whether domain is authorized for SMTP_AUTH user."
  # Add lookup here.  Note that user is None when the session did not
  # use SMTP AUTH; the lookup should decide what to do with those.
  return True

class bmsMilter(Milter.Milter):
  def log(self,*msg):
    # minimal logger so this sketch runs stand-alone
    print(' '.join(map(str,msg)))

  def connect(self,hostname,unused,hostaddr):
    return Milter.CONTINUE

  def envfrom(self,f,*args):
    # {auth_authen} is only defined once the client has completed
    # SMTP AUTH, so read it at MAIL FROM time rather than in connect().
    self.auth_user = self.getsymval('{auth_authen}')
    self.log("mail from",f,args)
    t = parse_addr(f.lower())
    if len(t) == 2:
      user,domain = t
      if not valid_domain(domain,self.auth_user):
        self.log("REJECT: unauthorized domain: ",domain)
        self.setreply('550','5.7.1',
          'You are not authorized to use the domain %s' % domain)
        return Milter.REJECT
    return Milter.CONTINUE

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
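The lookup that the sketch above leaves as a stub, worked out as a stand-alone policy check that an envfrom() hook could call. This is an added example, not code from the post or from Python milter; the POLICY table is a constructed sample and check_mail_from is a hypothetical name.

```python
# Constructed sample policy: SMTP AUTH user -> domains that user may
# put in MAIL FROM.  A leading dot allows the domain and all subdomains.
POLICY = {
    'alice': {'example.com', '.example.org'},
    'bob':   {'partner.example'},
}

def parse_addr(t):
    """Strip the angle brackets of a MAIL FROM argument and split it
    into (localpart, domain).  The null sender '<>' yields ('', '')."""
    t = t.strip()
    if t.startswith('<') and t.endswith('>'):
        t = t[1:-1]
    local, sep, domain = t.rpartition('@')
    if not sep:
        return (t, '')          # no '@': null sender or malformed
    return (local, domain.lower())

def domain_matches(domain, pattern):
    """'.example.org' matches example.org and any subdomain of it;
    a bare pattern must match exactly (so notexample.org is rejected)."""
    if pattern.startswith('.'):
        return domain == pattern[1:] or domain.endswith(pattern)
    return domain == pattern

def valid_domain(domain, user, policy=POLICY):
    """True if SMTP AUTH user is allowed to use domain as sender."""
    return any(domain_matches(domain, p) for p in policy.get(user, ()))

def check_mail_from(auth_user, mail_from, policy=POLICY):
    """Decide what envfrom() should do with one MAIL FROM command.
    Returns (accept, reason).  Sessions without SMTP AUTH are left to
    the normal SPF/relay checks (auth_user is None there), and the null
    sender is always allowed because a bounce has no domain to check."""
    if auth_user is None:
        return (True, 'no SMTP AUTH; defer to SPF/relay policy')
    local, domain = parse_addr(mail_from)
    if not domain:
        if not local:
            return (True, 'null sender')
        return (False, 'malformed address')
    if valid_domain(domain, auth_user, policy):
        return (True, 'authorized')
    return (False, 'user %s not authorized for domain %s' % (auth_user, domain))
```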