[exim] simple email spoofing prevention

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Ron Gorodetzky
Date:  
À: exim-users
Sujet: [exim] simple email spoofing prevention
Hello,

I'm new to the list and had trouble finding an answer in the archives
because I'm not really sure of the correct exim or SMTP terminology to
search for.

We have an email list in that is being managed by a mailing list service
provider that we want to move onto our own servers in the very near
future. It's for an announce-only newsletter to some 50,000
subscribers. I was planning on using mailman (I've used it in the past
for traditional mailing lists but other suggestions are welcome).

Anyway, for most mailing lists, messages that are to be distributed to
the list are sent to say, foo-list@???. I can restrict the
mailing list software to only accept mail to the mailing list from a
specific email address, say, admin@???. But that address can be
easily spoofed.

How can I instruct _exim_ to accept email from admin@??? to
foo-list@??? _only_ if the message originated from the local
machine or through a regular TLS secured SMTP connection directly to the
server (I'm referring to when admin@??? sends an email from the
email client on their own computer using the example.com SMTP server
with the correct user/pass and whatnot).

First, is this possible? Second, will this actually help in preventing
the spoofing of the admin@??? address, thus keeping fake
announcements from showing up on the foo-list@??? mailing list,
or am I missing something?

I've setup exim and mailman on debian systems many times but never had
to really dig too deep into the exim configuration. I've only ever
needed to setup virtual hosts and rudimentary routing but that's about
it.

Any help would be appreciated.

Thanks,

-Ron