> From: exim-users-bounces@???
> [mailto:exim-users-bounces@exim.org] On Behalf Of .|MoNK|Cucumber .
> Sent: 25 June 2005 21:55
> To: exim-users@???
> Subject: [exim] Way to Prevent Spoofed Internal Addresses?
>
> Is there a way with exim to prevent spoofed internal addresses?
>
> ie:, someone has a valid internal account, say
> person1@???, and they then go into Outlook and change
> the from address to person2@??? ?
>
> We have this blocked inbound from the net (not allowing
> anything from the internal domain to come in), however,
> people can still spoof from addresses internally.
>
> Any ideas?
You could try something like this:
deny
authenticated = *
!senders = $authenticated_id
message = Aliases not allowed
However, a problem with Outlook is that when it receives a "deny", instead
of reporting the error message from the MTA it just tries to send the email
again from any other accounts it can find, until it succeeds in sending the
email. If anyone knows how to stop it doing that, I'd appreciate hearing the
solution.
- Mark
