RE: [exim] Way to Prevent Spoofed Internal Addresses?

Top Page
Delete this message
Reply to this message
Author: Mark
Date:  
To: Mark Smith
CC: exim-users, '.|MoNK|Cucumber .'
Subject: RE: [exim] Way to Prevent Spoofed Internal Addresses?
On Sat, 2005-06-25 at 22:25 +0100, Mark Smith wrote:
> > You could try something like this:
> >
> >   deny
> >     authenticated = *
> >     !senders = $authenticated_id
> >     message = Aliases not allowed

> >
> > However, a problem with Outlook is that when it receives a
> > "deny", instead of reporting the error message from the MTA
> > it just tries to send the email again from any other accounts
> > it can find, until it succeeds in sending the email. If
> > anyone knows how to stop it doing that, I'd appreciate
> > hearing the solution.
> >
>
> Just realized that if you put the test in the MAIL_FROM ACL, rather than
> RCPT, Outlook reports the error properly and gives up.


Combine that acl with a policy (which is backed up) that attempts to
change the sending address will result in loss of computer access /
being kicked off the network / dismissal (assuming this is a work place)
and you're onto a winner. Technical solutions are only ever a partial
solution as the really determined moron will always find a way to work
round them.

--
Mark <hamster@???>