On Sun, 23 Jun 2002, Yura Pismerov wrote:
>
> Finally I figured (thanks to Communigate Pro mailing list) what I'd
> like to have to fight spammers that pretend to be somebody from our
> domain. Is there a way to reject messages without SMTP AUTH if the
> return-path header contains a local address?
> Here is an excerpt from the Communigate Pro manual. I need the same for Exim.
> Is it possible?
>
Unless you are an open relay, spammers (who aren't your customers)
shouldn't be able to send mail through your server anyway. If the
spammers are your customers, then this won't stop them anyway.

If you are trying to stop just spam coming TO your domain, which also
forges a sender address in your domain, this might have some limited
use. But surely not a very high percentage of the spam you receive falls
into that category.

If a spammer wants to forge sender addresses in your domain name, there
is currently no technical way to stop them from doing so, using servers
which are not yours - only legal after-the-fact methods (e.g., sue them
for forgery).

If you are trying to use SMTP AUTH to stop yourself being an open relay,
you want it to apply to any sender-hosts that aren't coming from your
own netblock, regardless of what address they claim as a sender. E.g., you
want to accept mail in one of two cases.

1. It is 'from' anywhere out on the Internet (possibly subject to DNSbl
or local restrictions), from any domain (also possibly with some
restrictions), and is addressed _TO_ your customer(s)/domain. You cannot
require SMTP AUTH for this, because all legitimate mail from other
servers will fall into this category.

2. It is 'from' a host on an IP network that can only be used by your
customers (and if the IPs are dynamic, you have a log you can use to
determine who was on a given IP at any given time, so you can terminate
any of your customers that might decide to spam), or the sender uses
SMTP AUTH to establish their identity as one of your customers.

> -------------------8<---------------------------------------------------
>
> This option can be used to force all "local" users to use the SMTP AUTH
> feature. If the message Return-Path is an address of one of the
> CommuniGate Pro Accounts, the message will be rejected if the client
> mailer has not sent the SMTP AUTH command first.
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
--
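
Added example, not part of the original message or of Exim's shipped configuration: an Exim 4 ACL fragment that expresses both the rule asked about (MAIL FROM in a local domain requires SMTP AUTH) and the two acceptance cases described in the reply. The domain `example.org` and the netblock `192.0.2.0/24` are placeholder values; the list names `local_domains` and `relay_from_hosts` follow the names used in Exim's default configuration file.

```exim
# --- main section (placeholder values, adjust to your site) ---
domainlist local_domains    = example.org
hostlist   relay_from_hosts = 127.0.0.1 : 192.0.2.0/24

acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_mail:
  # The rule asked about: the envelope sender (Return-Path) is in a local
  # domain, but the client has not authenticated and is not on our netblock.
  # The null sender <> used by bounces has no domain, so it is not matched.
  # Caveat: outside forwarding services that pass a message back to us keep
  # the original envelope sender, so such mail is rejected by this rule too.
  deny    message        = SMTP AUTH required to send as a local address
          sender_domains = +local_domains
          !authenticated = *
          !hosts         = +relay_from_hosts
  accept

acl_check_rcpt:
  # Case 2: a host on our own netblock, or an authenticated customer,
  # may send to any destination.
  accept  hosts          = +relay_from_hosts
  accept  authenticated  = *

  # Case 1: any host on the Internet may deliver TO our domains.
  # No SMTP AUTH can be demanded here.
  accept  domains        = +local_domains

  # Everything else is a relay attempt.
  deny    message        = relay not permitted
```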