On Tue, 25 Jun 2002, Robert Lister wrote:
> > Yes, but you are forgetting the case where one of your local users sends
> > a perfectly valid message, to an address an some 'other' system that has
> > a .forward that ends up directing the message back to an address on your
> > server. Then, this message, coming from this 'other' server,
> > legitimately has a From header (and envelope sender even), in your
> > domain
>
> Hmm. In our setup, the likelihood of that happening is virtually zero.
> I'd deal with that on a case by case basis.
>
> So I think what I want is:
>
> 1. For things going to selected list addresses (not all users)
Ah #1 is the saving condition there. Its not likely that someone at a
remote site is going to .forward their mail to your list(s)
> 2. Is the "From:" address from our domain?
> 3. If it is, is the IP address one that is internal to us?
> 4. If all these match, then send, if not, freeze it (or discard it)
The following bit of smtp_rcpt ACL would do the trick, substituting your
actual data (possibly with file lookups/etc, as needed) in the correct
formats. Note this cant look at the "From:" header, only the envelope
sender address..
deny senders = yourdomain.com
recipients = selected@list_address.com
!hosts = your_internal_IP's
message = Forged mail not permitted
>
> So in fact I want something not to apply to regular users, just things
> that are directed to the mailing lists. Which will not have any funny
> forward files etc.
>
> Rob
>
>
>
>
--