Re: [exim] Re: Sanity check: ACL to block fake sender addres…

Top Page
Delete this message
Reply to this message
Author: Ian Eiloart
Date:  
To: Roger Håkansson
CC: exim-users
Subject: Re: [exim] Re: Sanity check: ACL to block fake sender addresses

On 17 Nov 2005, at 10:06, Roger Håkansson wrote:

> David Woodhouse wrote:
>> That isn't a useful test. If your users send mail to any address
>> elsewhere which is forwarded back to a local user, you'll see
>> perfectly
>> genuine mail coming in from the outside but with your own users'
>> addresses.
>
> I'm aware of that, but its not a problem for me.


We handle that problem by adding a specific header to any local
outgoing mail. Then, we accept the mail if it has that specific
header. It's a very simple header, with no attempt at embedding any
secret - but that'll do until some spammer decides that we're worth
specifically targeting. Then, we'd probably use an MD5 hash of the
sender address, a secret and something time sensitive.

Of course, it does mean that home users HAVE to use our SMTP server  
for message submission - so we provide for that with authenticated  
SMTP on port 587.
-- 
Ian Eiloart
Postmaster, University of Sussex
()  ascii ribbon campaign - against html mail
/\                        - against microsoft attachments