Re: [Exim] [Spoofed Mail addresses spamming mails]

Top Page
Delete this message
Reply to this message
Author: Tim Jackson
Date:  
To: exim-users
Subject: Re: [Exim] [Spoofed Mail addresses spamming mails]
Hi Vibhav, on Tue, 03 Feb 2004 16:01:29 +0530 you wrote:

> My Friend who is also an admin , polled to 25 port of my server
> and he did the following:
> MAIL FROM:<invalidemailaccount@???>
> RCTP TO: <validuser@???>
> and he was able to deliver the mail to my mail box...


Hang on, I've just realised you've mentioned two/three distinct points
here. Your first was about spammers "telnetting", and invalid local user
accounts. The second seems to be about invalid sender addresses.

To help with the second (invalid sender addresses), you can either do
callouts (Exim 4; though consider the implications carefully first), or
just do "require verify = sender" (already in the default config file)
which won't stop all faked senders, but will stop those with invalid
domains.


Tim