On Wed, 10 Jan 2001, Andromeda wrote:
> His dialog was:
>
> helo hostname
> mail from: nonexist.user@???
Actually, he says he used postmaster@???, but probably used
htmlworkshop.COM. Postmaster is certainly going to be a valid address and
all spammers will know that. (Well the spammers won't know it, but the
writers of spam-ware will.)
> Now... Exim shows that the address was rewritten... how do I get Exim to
> verify either the rewritten part (i.e. his.address@???)
You can't really verify foreign addresses (without actually sending a
message).
> or the
> originally specified sender (i.e. nonexist.user@???)?
It does appear that he used a valid local address (as did I).
> Any help is appreciated (and no, I cannot unset the infamous
> host_accept_relay option due to the nature of the users).
I'm afraid that you have little choice in the matter. Is it really
impossible to get your users to use AUTH SMTP?. Most clients will store
the passwords so it shouldn't be much of an inconvenience to them.
Depending on how fluid your roaming user base is, you could even *start*
by issuing a single common password, hardcoded into your config,
*temporarily* for a few days while you get a proper set of passwords in
place.
-j
--
Jeffrey Goldberg
I have recently moved, see
http://www.goldmark.org/jeff/contact.html
Relativism is the triumph of authority over truth, convention over justice
