Re: [exim] simple email spoofing prevention

Author: John W. Baxter
Date:  
To: exim-users
Subject: Re: [exim] simple email spoofing prevention
On 4/16/2005 11:00, "Kjetil Torgrim Homme" <kjetilho@???> wrote:

> On Sat, 2005-04-16 at 02:41 -0700, Ron Gorodetzky wrote:
>> How can I instruct _exim_ to accept email from admin@??? to
>> foo-list@??? _only_ if the message originated from the local
>> machine or through a regular TLS secured SMTP connection directly to the
>> server (I'm referring to when admin@??? sends an email from the
>> email client on their own computer using the example.com SMTP server
>> with the correct user/pass and whatnot).
>>
>> First, is this possible?
>
> sure, but I think it is easier to require the message to include a
> header with a secret word. check this in the DATA ACL, and remember to
> remove the header after it has been checked :-)


The method above looks workable.

admin@??? is probably a bad choice, given the now-old virus which
sends "From" admin@ whatever domain it was sending a given message to.

We drop anything that claims to be from admin@us (silently). [I'm the only
person who used to send from admin...I no longer do.]

--John
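
The restriction asked about in the original question (local origin, or an authenticated TLS session), sketched as an Exim RCPT ACL. This is an added example, not configuration posted by anyone in the thread; the addresses use example.com as a placeholder, and the ACL name and the login name "admin" are assumptions.

```exim
# Constructed example. Assumes the main section contains:
#   acl_smtp_rcpt = acl_check_rcpt
# admin@example.com and foo-list@example.com are placeholders.
# Place these statements before any general accept for local domains.

acl_check_rcpt:

  # Case 1: local origin. The empty item matches SMTP over stdin
  # (no remote host); 127.0.0.1 covers IPv4 loopback connections.
  accept  senders       = admin@example.com
          domains       = example.com
          local_parts   = foo-list
          hosts         = : 127.0.0.1

  # Case 2: remote submission. The session must be TLS-encrypted and
  # must have passed SMTP AUTH. $authenticated_id holds whatever the
  # authenticator's server_set_id stored; "admin" is an assumed login.
  accept  senders       = admin@example.com
          domains       = example.com
          local_parts   = foo-list
          encrypted     = *
          authenticated = *
          condition     = ${if eq{$authenticated_id}{admin}}

  # Case 3: the same sender/recipient pair from anywhere else.
  deny    message       = Submission to this list requires local or authenticated TLS access
          senders       = admin@example.com
          domains       = example.com
          local_parts   = foo-list

  # ... the rest of the site's RCPT ACL continues here ...
```

The `senders` condition tests the envelope sender only. If the list software decides on the From: header instead, that header needs its own check in the DATA ACL.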