Erm, yeah, that verifies that the MAIL FROM command they send has your
domain in it.
Anyone can do this, and it is common for spammers who want to relay
through your server to put "MAIL FROM:<randomstuffhere@???"
If you allow someone on a random IP to relay through your server, you
need something a bit harder to forge, such as a password (checked via
either SMTP AUTH or POP-before-SMTP)
On Wed, 10 Jan 2001, Andromeda wrote:
> At 09:06 10/01/2001 +0000, you wrote:
> >NO! Do not do this. It allows any host to relay through your box, and
> >setting sender_address_relay isn't a very strong guard - anybody can
> >forge senders.
>
> Not if they are VERIFIED with sender_verify :)
>
> You would only let senders of your virtual domain relay anyway :)
>
> So far I have yet to have someone get through this box with the above :)
>
> Andromeda
>
> - The Andromeda HTML Workshop - http://www.htmlworkshop.com/
> Home of Search & Replace 98
>
>
> --
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
--