How to validate a sender before forwarding email.

Forum Moderators: bakedjake

Message Too Old, No Replies

How to validate a sender before forwarding email.

Is there a way to do this?

ChrisCBA

6:29 pm on Aug 3, 2005 (gmt 0)

I’ve created an email forwarder using my hosting control panel. The email address forwards email sent to it to a small group of recipients (under 30). Problem is email harvesting bots somehow got a hold of this email address, so now my group is getting spammed.

Is there a way to do a simple validation (a whitelist check) on the email sender before it gets forwarded to the whole group? That way if the sender isn’t in the whitelist the email won’t go through?

Like I said earlier I set this forwarder up via the control panel of the hosting account. The server is running apache, and supports PHP, Perl & others. I don’t want anything complicated (such as a mailing list), just the ability for anyone in the group to email a single address and that email will be forwarded onto everyone within that group.

Thanks for your help

MattyMoose

7:04 am on Aug 4, 2005 (gmt 0)

AFAIK, There isn't, really... That would solve 90% of the spam out there, considering that most spam emails come from forged FROM: headers...

I don't think you'll be able to do much.

The script (or whatever) you'd have to write would have to connect to the sending domain's MX servers (DNS lookup -- oft times are not valid), try to send an email to them, in the hopes that the domain's mail server rejects the email right away (no such recipient), rather than accept it and store it, or later return a "Recipient unknown" email to the source address.

Pretty nasty, complicated, and VERY time-consuming stuff (in terms of SMTP transaction length)... I've tried to think of a way around that sort of thing as well, but it's near impossible, AFAIK. :(

StupidScript

10:28 pm on Aug 4, 2005 (gmt 0)

Matty's right. It's a mighty tough nut to crack.

Another of the big problems is roaming users. If you've got someone who connects from a hotel in Singapore instead of their home in Seattle, their email address would be fine, but the mail server would not be.

So, accomodating roaming users, you could just accept the valid From address ... but it's less than child's play to set up an emai client to send From and Reply-to headers that match your list in the group.

If it were easy, it would have been done by now, probably.

ChrisCBA

10:52 pm on Aug 4, 2005 (gmt 0)

Thanks for the info so far. Obviously verifying the email of a unknown sender or even a “spoofed” from field would be too difficult, but I’m not entirely sure I need something that advanced.

What I really need is a way to verify that the senders email is apart of the 30 or so emails I have already in a group. So far email spoofing hasn’t been an issue, so all I would need to do is to compare the senders email & if it is a member of the group (on my email whitelist), then to allow the email to be forwarded on. If it isn’t on that list… then to reject the email.

That doesn’t seem nearly as complicated. I’m just not entirely sure how to go about doing it. Perhaps via a script?

Thanks for the help so far.

StupidScript

9:29 pm on Aug 12, 2005 (gmt 0)

ChrisCBA, I'm thinking you need to look for a "milter" that would handle that. It's like a "filter" that's tied into the mail program. Basically, all incoming mail directed to the group would be run through the milter and checked against the contents of your "whitelist". If the "From:" address matches (even if it's bogus), the mail goes out to the group. You can use milters to develop anti-spam filters and lots of other stuff, too.

Check out Milter.org [milter.org] for more assistance with that. (You do need to be running sendmail.)