On Wed, Jan 21, 2004 at 11:01:13AM +0100, Jan Johansson wrote:
> > Yes,
> > No, that should be enough. However imho "acls are always bypassed" is
> > not something I would do, I would still at least try to verify the
> > recipient.
> Yeah, I know. But I am not sure how to do that, I mean, sure limit to
> domain or sender, but that can also be faked.
No, that was not what I was intending to convey, I meant "verify
recipient" in the meaning used in exim's ACL, that is checking whether
we are able to deliver mail to the address given as recipient at all.
Otherwise you need to (unnecessarily) generate a bounce which might be
undeliverable (because you did not verify the sender either).
For examle you would no want to accept mail from foo@???
sent to hjhj@??? as you cannot handle it.
> So, any tips on how to verify a roadwarrior that might very well
> show up from any IP whatsoever?
accept authenticated = *
endpass
message = unrouteable address given as recipient
verify = recipient
message = unrouteable address given as sender
verify = sender
Untested.
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
