Print Page | Close Window

Local Domain

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6441
Printed Date: 09 May 2025 at 8:24am


Topic: Local Domain
Posted By: ssullivan
Subject: Local Domain
Date Posted: 20 March 2008 at 6:41pm
If all of my users are connecting directly to my exchange server to get there emails and send emails back and forth to one another, why would I need to allow incoming email from someone in my Domain.  I would think that these would be spoofed addresses and bad to begin with.


Replies:
Posted By: jerbo128
Date Posted: 20 March 2008 at 9:49pm
If you have only one mail server that handles all mail for your domain, then you are probably right.
 
Myself, I have a couple of mail servers, and a couple of web servers  which generate emails - all at different physical locations - all of which could be using the same domain.  So we want to allow mail from our own domains.
 
Jeremy

Posted By: ssullivan
Date Posted: 07 April 2008 at 7:19pm
So I come back to the question, how could I block emails that are showing a from my domain (@domain.com) but not affect the one going to my domain.  Example
Allow an email from mailto:someone@yahoo.com - someone@yahoo.com to mailto:ssullivan@domain.com - ssullivan@domain.com
Block an email from mailto:g@domain.com - g@domain.com to ssullivan@domain.com

Posted By: LogSat
Date Posted: 07 April 2008 at 7:43pm
Simple. With SpamFilter, enable the option "Reject if From Domain = To Domain" (see http://www.logsat.com/sfi-spam-filter-screenshots/sfi-filtering-options.asp for a screenshot of this setting). You can also configure SPF (Sender Policy Framerwork - see openspf.org) for your domain. SPF will allow you to control exactly what servers and what IPs are allowed to use your domain name when sending emails, providing you with even more flexibility than the 1st option.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: ssullivan
Date Posted: 10 April 2008 at 6:19pm

Roberto:

I enabled the option "Reject if From Domain = To Domain"  This did not change anything.  The spam filter is still allowing emails that are saying they are coming from my domain when they can't be.  Any ideas, could it be because I have my domain set up in the local domain list thatit will bypass this rule?

Posted By: jerbo128
Date Posted: 10 April 2008 at 8:14pm

Ssullivan,

You have to have your domain in "local domains" in order to receive mail.

I would check to see if users have whitelisted themselves or other users at your domain in autowhitelistforcedelivery.

I had a real problem with users doing this.  They would see an email in quarantine that had their own "from" address (forged).  Most could not resist clicking "deliver", thus creating the whitelist entry.  I created a scheduled SQL task that goes through and removes and entires from autowhitelistforcedelivery where the user has whitelisted themselves.  Along with SPF, this has all but eliminated the forging address problems we had.

Jeremy

Posted By: LogSat
Date Posted: 10 April 2008 at 10:07pm
ssullivan,

I'm afraid we're confused. Your first post asked "why would I need to allow incoming email from someone in my Domain". The following question is "how could I block emails that are showing a from my domain", and form the last it appears you added your domain to the domain whitelist.

If you can please let us know more specificaly what the issue(s) are, we can help better.

In the meantime, I'll take a stab at interpreting the three questions.

SpamFilter will only accept and deliver emails to the domains you own. These domains must be added to the "Local Domains" in SpamFilter. Only if an email is addressed to a domain in this list it will be accepted for delivery, pending it passes all the other filtering rules. This is not a whitelist, it simply tells SpamFilter that these domains belong to you, and SpamFilter can start examining receiving the email to then check it for spam. If an email arrives that is not addressed to these domains, it will be immediately rejected.

Often spammers will fake their address by using your domain in the "From" of an email. If you enable the "Reject if From Domain = To Domain" option, or better yet, implement SPF in your DNS, these emails will be blocked.

If you add your own domain in the "Whitelisted Domains" whitelist - which note is different than the "Local Domains", then you are effectively whitelisting any incoming email to your domain which has as a sender an address belonging to your domain. Thus all the spam which fake your domain as the sender will bypass all filtering rules.

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Print Page | Close Window