On (2002/10/15 15:24), Greg Ward wrote:
> > # Deny messages from the outside world with MAILER-DAEMON at a local
> > # domain as the sender address, to weed out messages from virus SMTP
> > # engines (which have a tendency to use such sender addresses) before
> > # they reach the content scanner and result in bounce messages that the
> > # postmaster has to read.
> > [...]
>
> I do something similar for python.org, with the difference that *all*
> @python.org addresses (except for a handful that can legitimately
> originate externally) are banned. Check the archive for the pros-and-
> cons discussion -- this is not something you should do lightly.
Right. Fortunately, relay clients use a different host address (and
thus a different instance of Exim) when connecting to this box, so I can
enable this ACL rule without affecting staff members' ability to send as
if from postmaster or mailer-daemon.
> And I bet you can do it more cleanly using an address list. Maybe
> something like this:
>
> deny message = invalid use of sender <$sender_address>
> sender_domains= +local_domains
> hosts = !127.0.0.1/32 : !10.0.0.0/24 : *
> senders = postmaster@* : mailer-daemon@*
Indeed, that's much cleaner. Thank you!
Ciao,
Sheldon.
