#52 dkim signs forged spam

closed
5
2007-08-19
2007-08-04
hgc
No

I received a spam email - usually incoming mail is not signed by my mail server - however this one was. I suspect the reason it was fooled was die to this line:

From: "Coupon Book <CouponBook@fbb4.com>"@mydomain.com

It was tricked into signing this email ... seems bad.

Discussion

  • hgc

    hgc - 2007-08-04

    Logged In: YES
    user_id=1274791
    Originator: YES

    Maybe this is a config issue - i have firewall accept mail from outside and send it to the inside mail host - if any mail inbound has a forged From/Sender containing xx@mydomain.com it gets signed. I will add the internal firewall host IP to the external list maybe?

     
  • hgc

    hgc - 2007-08-04

    Logged In: YES
    user_id=1274791
    Originator: YES

    Maybe this is a config issue - i have firewall accept mail from outside and send it to the inside mail host - if any mail inbound has a forged From/Sender containing xx@mydomain.com it gets signed. I will add the internal firewall host IP to the external list maybe?

     
  • Anonymous - 2007-08-04
    • assigned_to: nobody --> sm-msk
    • summary: Bug - dkim signs forged spam --> dkim signs forged spam
     
  • Anonymous - 2007-08-04

    Logged In: YES
    user_id=1048957
    Originator: NO

    (Moving this to "Bugs" as it is not a feature request.)

    It sounds like you have the firewall on your internal host list ("-i" command line flag or "InternalHosts" configuration file setting). If the firewall is submitting mail on behalf of external sources, then that's the problem. It should be removed from your internal list.

    Another possibility is you have a list of approved MTA ports for submissions to be signed and the firewall submitted the mail on that port.

    Another possibility is you have a macro list set, and one of those conditions were met.

    Another possibility is that the MTA told the filter the client had successfully authenticated using some SMTP AUTH method.

    One of the above must be true, otherwise dkim-filter won't sign the message.

    Which version are you running? That wasn't indicated in your bug report.

     
  • Anonymous - 2007-08-04
    • labels: --> Functionality
     
  • Anonymous - 2007-08-05
    • status: open --> pending
     
  • SourceForge Robot

    Logged In: YES
    user_id=1312539
    Originator: NO

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).

     
  • SourceForge Robot

    • status: pending --> closed
     

Log in to post a comment.