Author: David Woodhouse
Date:
To: Matthew Newton
CC: exim-users, Roger Håkansson
Subject: Re: [exim] Sanity check: ACL to block fake sender addresses
On Thu, 2005-11-17 at 12:51 +0000, Matthew Newton wrote:
> We had this problem, as the decision had been made in the past
> (before my time) to block incoming from our domain. I fixed the
> off-site forwarding problem by adding a signature in the mail
> headers for mail sent out, and checking for it on the way in.
> Can't remember exactly what it hashes right now, but I believe it
> includes the e-mail address and a secret key, plus other bits. Not
> 100% fool-proof, but seems to work well.
I do something vaguely similar -- I never accept, for example,
MAIL FROM:<dwmw2@???> because I know I never send it.
But that's got nothing to do with 'local' vs. 'remote'. That's 'valid
source address which passes callout verification' vs. 'invalid source
address', and _anyone_ can do that same check if they receive mail
purporting to be from me.
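
The signed-header check described in the quoted message, as an added example (not code from either poster; the thread does not say exactly what their hash covers). It assumes an HMAC over the sender address and a day stamp; the header name, key, lifetime and addresses are hypothetical.

```python
import hashlib
import hmac

SECRET = b"constructed-example-key"  # assumption: site-wide secret key
MAX_AGE_DAYS = 7                     # assumption: token lifetime
HEADER = "X-Example-Origin-Sig"      # hypothetical header name


def _mac(address: str, day: int) -> str:
    # Bind the token to one address and one issue day.
    msg = f"{address.lower()}|{day}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:20]


def sign(address: str, today: int) -> str:
    """Header value added to outgoing mail: '<day>.<mac>'."""
    return f"{today}.{_mac(address, today)}"


def verify(address: str, value: str, today: int) -> bool:
    """True if value is an unexpired token this site issued for address."""
    day_text, sep, mac = value.partition(".")
    if not sep or not (day_text.isascii() and day_text.isdigit()):
        return False  # missing or malformed header
    day = int(day_text)
    if not 0 <= today - day <= MAX_AGE_DAYS:
        return False  # expired, or stamped in the future
    # Constant-time comparison so the check does not leak the MAC.
    return hmac.compare_digest(mac.encode(), _mac(address, day).encode())


def inbound_ok(sender: str, headers: dict, local_domain: str, today: int) -> bool:
    """Inbound policy: mail claiming a local sender must carry our token."""
    if not sender.lower().endswith("@" + local_domain):
        return True  # not claiming to be ours; other checks apply
    return verify(sender, headers.get(HEADER, ""), today)


if __name__ == "__main__":
    day = 13104  # constructed day number (days since epoch)
    hdrs = {HEADER: sign("alice@example.org", day)}
    # Mail we sent, forwarded off-site and back two days later: accepted.
    print(inbound_ok("alice@example.org", hdrs, "example.org", day + 2))
    # Forged local sender with no token: rejected.
    print(inbound_ok("alice@example.org", {}, "example.org", day + 2))
```

A token copied from a genuine message stays valid for any mail claiming the same address until it expires, which is one reason such a scheme is not fool-proof.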