On 5 Dec 1996, Neal Becker wrote:
> To hide what they are doing, SPAMers frequently set the sender address
> to point at a duff address. For sites using MUAs which submit email
> over SMTP, you can avoid your users using an address other than a
> valid address within your domain by restricting permitted sender
> addresses.
>
> sender_address_relay = cl.cam.ac.uk
>
> Doesn't sender_verify cover this?
No; sender_verify just checks that the address is valid, i.e. Exim can
route to it. Piete's users submit mail from their workstations via SMTP
to his mail server. He wants to insist that they set their sender
addresses to xxx@???, so he sets sender_address_relay as above.
Just setting sender_verify would not stop one of his users emitting mail
with the sender set to neal@???, to choose a random example. :-)
Since his mail server is the host that deals with mail to cl.cam.ac.uk,
it can also check that xxx is a valid local part.
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714