Hi Simon, on Wed, 04 Aug 2004 10:36:33 +0100 you wrote:
[in response to Jae asking about blocking env sender=local when
i/face=external]
> I didnt write it but this is the rule I use to prevent spoofing of my
> own inteface if thats what you mean:
[snip example of blocking HELO of your.interface.IP]
I think Jae was trying to ask how to block mail with an envelope sender of
one of his local domains originating on the external interface.
Jae, you can do it with something like the following but, as David rightly
pointed out, it is probably not a good idea and you are likely to break
things.
deny message = Forged sender domain
condition = ${if eq{$interface_address}{your.external.ip}{1}{0}}
sender_domains = +local_domains
Consider mailing lists (expansion-type) that don't rewrite the return
path, forwarded mail that ends up back at you, etc. This means you
shouldn't do this unless you are really sure you've thought through all
the possible scenarios where mail with a "local" domain env sender might
well be coming in on the external interface.
Tim
