"T. Horsnell (tsh),F46,2219,01223247239" <tsh@???> wrote:
>
>All mail to/from our site is handled by our mail hub,
>which in turn is fed by a UCam upstream relay (smarthost).
>External SMTP traffic is only permitted between
>our hub and his upstream relay.
>
>How does this setup affect the ACL 'verify=sender' option?
It doesn't, since the hub is applying the same check at the moment. We
plan to add callout verification soon, though.
>The docs say that the sender address is passed thro' the
>routers to determine its validity, but what happens
>here, since the routers are arranged to forward all
>offsite mail to the smarthost?
For non-local domains it just checks that the domain exists in the DNS.
>We have started to receive spam where the key message
>(usually a hotlink) is embedded in piles of random words,
>which then get through our statistical spam scanner
>(bogofilter). However, the sender is also a forged
>randomly-generated user at a legit site,
>(e.g.aaxxgtrr@???) so I would like to use the ACL
>to reject these.
Callout verification will help with this. However because you are behind a
hub any SMTP-time checks that you perform will cause the message to bounce
(rather than be rejected) which is not so good. In this case it'll cause
a double bounce so the message will freeze on ppsw which is a bit ugly
but not a serious problem. SMTP-time content checks cause more difficulties.
Tony.
--
f.a.n.finch <dot@???>
http://dotat.at/
ARDNAMURCHAN POINT TO CAPE WRATH INCLUDING THE OUTER HEBRIDES: SOUTH OR
SOUTHWEST 5 OR 6, OCCASIONALLY 4 FOR A TIME, AND LOCALLY 7 LATER. RAIN AND
MIST, THEN SHOWERS. MODERATE OR GOOD, OCCASIONALLY POOR FOR A TIME. MODERATE
OR ROUGH, BECOMING ROUGH OR VERY ROUGH.
