Re: [exim] Compile time problems

On Mon, 3 Apr 2006, Ian Eiloart wrote:

> You can't whitelist a mail domain because anyone can use it.
> However, if you could tie down the legitimate servers for a domain
> that you trust, then you could whitelist those servers (at least for
> mail from that domain). That's what SPF lets you do.
>
> Of course, not all email from that domain will come from those
> servers, [...]

Indeed. We got an email exchange with our postmaster address, which
descended into a quite abusive tone from the other side, because we
had rejected[1] mail which was presenting a *.gov email address in the
envelope-sender, but was being sent from a dynamic DSL address at one
of the major US spam-source providers.

Apparently, the sender was of the opinion that we *had* to trust his
*.gov envelope sender address, no matter what mail relay he was using.
Amongst his excuses was the claim that, because that particular
service provider was the only one serving his home area, he had no
possibility of sending mail from home in any other way. I could only
conclude that if his .gov institution was so distrustful of his
service provider that they wouldn't let him send his *.gov mail via
their mail system, it was hard to understand why we were expected to
be any more tolerant...?

(No, I don't have a solution; I'm just sharing a scenario which we had
to deal with, so that others might be prepared for it if it happens to
them.)

best regards

[1] the rejection report indeed directs bona fide senders to contact
the unfiltered postmaster address.