Re: [Exim] Preventing forged From: headers (exim 3.36)

Top Page
Delete this message
Reply to this message
Author: Robert Lister
Date:  
To: Dave C.
CC: Leonardo Boselli, ice, exim-users
Subject: Re: [Exim] Preventing forged From: headers (exim 3.36)
> Yes, but you are forgetting the case where one of your local users sends
> a perfectly valid message, to an address an some 'other' system that has
> a .forward that ends up directing the message back to an address on your
> server. Then, this message, coming from this 'other' server,
> legitimately has a From header (and envelope sender even), in your
> domain


Hmm. In our setup, the likelihood of that happening is virtually zero.
I'd deal with that on a case by case basis.

So I think what I want is:

1. For things going to selected list addresses (not all users)
2. Is the "From:" address from our domain?
3. If it is, is the IP address one that is internal to us?
4. If all these match, then send, if not, freeze it (or discard it)

So in fact I want something not to apply to regular users, just things
that are directed to the mailing lists. Which will not have any funny
forward files etc.

Rob



--
Robert Lister    -        robl@???    -    http://www.lentil.org
                                                  tel: 07973-815198