--
How about adding the following ACL condition:
sender_helo_name = <domain list>
That way, you could add something like the following in an ACL:
acl_check_helo:
accept hosts = : +relay_from_hosts
deny message = Do not pretend to be me, impostor!
sender_helo_name = +local_domains
Currently, one can do the following (as I do):
acl_check_helo:
accept hosts = : +relay_from_hosts
deny message = Give me your name, not an IP address
condition = ${if isip {$sender_helo_name}{yes}{no}}
deny message = Go away, impostor!
condition = ${if eq
{$sender_helo_name}{$primary_hostname}{yes}{no}}
However, this only catches the primary host name (in my case,
'net.slett.net'), not the domains for which the machine is configured
to handle mail ('slett.net'...)
Good? Bad? Ugly?
I would not mind writing a patch to accomplish this, if noone else
wants to and noone thinks it is not a good idea. (How's that for
triple negatives? :)
-tor
--
[ smime.p7s of type application/pkcs7-signature deleted ]
--
