Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Local Domain
  FAQ FAQ  Forum Search   Register Register  Login Login

Local Domain

 Post Reply Post Reply
Author
ssullivan View Drop Down
Newbie
Newbie


Joined: 02 February 2006
Location: United States
Status: Offline
Points: 9
Post Options Post Options   Thanks (0) Thanks(0)   Quote ssullivan Quote  Post ReplyReply Direct Link To This Post Topic: Local Domain
    Posted: 20 March 2008 at 6:41pm
If all of my users are connecting directly to my exchange server to get there emails and send emails back and forth to one another, why would I need to allow incoming email from someone in my Domain.  I would think that these would be spoofed addresses and bad to begin with.
Back to Top
jerbo128 View Drop Down
Senior Member
Senior Member
Avatar

Joined: 06 March 2006
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote jerbo128 Quote  Post ReplyReply Direct Link To This Post Posted: 20 March 2008 at 9:49pm
If you have only one mail server that handles all mail for your domain, then you are probably right.
 
Myself, I have a couple of mail servers, and a couple of web servers  which generate emails - all at different physical locations - all of which could be using the same domain.  So we want to allow mail from our own domains.
 
Jeremy
Back to Top
ssullivan View Drop Down
Newbie
Newbie


Joined: 02 February 2006
Location: United States
Status: Offline
Points: 9
Post Options Post Options   Thanks (0) Thanks(0)   Quote ssullivan Quote  Post ReplyReply Direct Link To This Post Posted: 07 April 2008 at 7:19pm
So I come back to the question, how could I block emails that are showing a from my domain (@domain.com) but not affect the one going to my domain.  Example
Block an email from g@domain.com to ssullivan@domain.com
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 07 April 2008 at 7:43pm
Simple. With SpamFilter, enable the option "Reject if From Domain = To Domain" (see http://www.logsat.com/sfi-spam-filter-screenshots/sfi-filtering-options.asp for a screenshot of this setting). You can also configure SPF (Sender Policy Framerwork - see openspf.org) for your domain. SPF will allow you to control exactly what servers and what IPs are allowed to use your domain name when sending emails, providing you with even more flexibility than the 1st option.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
ssullivan View Drop Down
Newbie
Newbie


Joined: 02 February 2006
Location: United States
Status: Offline
Points: 9
Post Options Post Options   Thanks (0) Thanks(0)   Quote ssullivan Quote  Post ReplyReply Direct Link To This Post Posted: 10 April 2008 at 6:19pm

Roberto:

I enabled the option "Reject if From Domain = To Domain"  This did not change anything.  The spam filter is still allowing emails that are saying they are coming from my domain when they can't be.  Any ideas, could it be because I have my domain set up in the local domain list thatit will bypass this rule?

Back to Top
jerbo128 View Drop Down
Senior Member
Senior Member
Avatar

Joined: 06 March 2006
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote jerbo128 Quote  Post ReplyReply Direct Link To This Post Posted: 10 April 2008 at 8:14pm

Ssullivan,

You have to have your domain in "local domains" in order to receive mail.

I would check to see if users have whitelisted themselves or other users at your domain in autowhitelistforcedelivery.

I had a real problem with users doing this.  They would see an email in quarantine that had their own "from" address (forged).  Most could not resist clicking "deliver", thus creating the whitelist entry.  I created a scheduled SQL task that goes through and removes and entires from autowhitelistforcedelivery where the user has whitelisted themselves.  Along with SPF, this has all but eliminated the forging address problems we had.

Jeremy



Edited by jerbo128 - 10 April 2008 at 8:15pm
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 10 April 2008 at 10:07pm
ssullivan,

I'm afraid we're confused. Your first post asked "why would I need to allow incoming email from someone in my Domain". The following question is "how could I block emails that are showing a from my domain", and form the last it appears you added your domain to the domain whitelist.

If you can please let us know more specificaly what the issue(s) are, we can help better.

In the meantime, I'll take a stab at interpreting the three questions.

SpamFilter will only accept and deliver emails to the domains you own. These domains must be added to the "Local Domains" in SpamFilter. Only if an email is addressed to a domain in this list it will be accepted for delivery, pending it passes all the other filtering rules. This is not a whitelist, it simply tells SpamFilter that these domains belong to you, and SpamFilter can start examining receiving the email to then check it for spam. If an email arrives that is not addressed to these domains, it will be immediately rejected.

Often spammers will fake their address by using your domain in the "From" of an email. If you enable the "Reject if From Domain = To Domain" option, or better yet, implement SPF in your DNS, these emails will be blocked.

If you add your own domain in the "Whitelisted Domains" whitelist - which note is different than the "Local Domains", then you are effectively whitelisting any incoming email to your domain which has as a sender an address belonging to your domain. Thus all the spam which fake your domain as the sender will bypass all filtering rules.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.078 seconds.