
Problems with preventing spoofing but allowing Zendesk

I want to refuse unauthorized email that has a from address @mydomain.com.  The only way I've come up with to do this is to have a sender blacklist of *@mydomain.com.  This has worked well until now because I need to receive email from Zendesk and the from address needs to be @mydomain.com.  This normally wouldn't be a problem; I would add the additional SMTP server to the Host-based relay whitelist.  But in this case Zendesk uses Gmail to send email and I'm guessing quite a few spammers do too.  Is there a better or more elegant way to solve this than whitelisting all the Gmail servers to open relay?


  • I'm not following your explanation of your current solution/problem.  I don't think I would add their server to a relay whitelist.

    Zendesk wants to send an email to your domain with a spoofed sender from your domain?  That seems strange.  For instance, I use MailChimp for opt-in email for two charities I work with.  Email broadcasts sent by the president of neighborhood.org have a Sender address like president=neighborhood.org@mail126.us2.mcsv.ne.  Is that perhaps what Zendesk means?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Well, it's not that Zendesk wants to send as us, but we want Zendesk to.  The reason is that this way, when people receive emails from Zendesk and hit reply, it will go back to us.
  • That's what the "Reply To" field is for.  I bet that's Zendesk's standard practice.

    Cheers - Bob
     
  • Yeah, that would probably work.  But Zendesk only lets you set the one address, with no option for an additional reply-to one. :(
  • OK.  There's no change you need to make in the UTM except that you might want to disable the BATV check.  In public DNS, make sure that your SPF record, if you have one, also lists those used by Zendesk.  

    Cheers - Bob
    PS Actually, adding an SPF record should solve the problem that led you to blacklist your own domain.
     