[Discuss] Strange sendmail (and postfix) spam issue: accepting fail "from" myself?

[warlord at MIT.EDU (Derek Atkins)]

Hi,

I've got a recently-occurring spam issue that I'm trying to solve.  And
apparently it's happening on two different servers running both sendmail
and postfix.  The issue is that someone is connecting from a remote
system, claiming to be "from" my domain, and sending mail "to" my
domain.

In other words, they connect to mail.foo.example claiming to be
from: sales at foo.example and sending to: user at foo.example.  For some
reason this is making it past my spam checks, and I don't know why.

Strangely, this is happening both in postfix and in sendmail.

It's quite annoying, and getting more.. "popular".

Any advice from the crowd?

I'm happy to share configuration data privately; on the sendmail side I
*do* use relay_based_on_MX; maybe that has something to do with it?

On the postfix side, I might need to explicitly disallow senders
claiming to be from my own domain that aren't authenticated; I suppose I
need to add "reject_unlisted_sender" to my smtpd_sender_restrictions?

Thanks,

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available