It will check the actual sender, the one in the "MAIL FROM:" SMTP
negotiation. This is the "return-path".
Of course, if your php scripts send everything as "www@localhost" (php
mail() function I think) this won't be a good solution. So you should
use a php function which speaks SMTP and force php devs to use it.
If you require that this happens with the "From:" header, you will have
to use a regexp in the data acl.
Will Harrison wrote:
> Thank you Renaud
>
> Will this actually check the "From:" header or just the actual sender?
>
> Thanks again
>
> Will
>
> Renaud Allard wrote:
>> Of course, with something like that it should work:
>>
>> acl_check_rcpt:
>>
>> accept
>> hosts = :
>> endpass
>> message = Sending mails from $sender_address_domain is
>> not permitted
>> sender_domains = +local_domains
>>
>> accept
>> authenticated = *
>> endpass
>> message = Sending mails from $sender_address_domain is
>> not permitted
>> sender_domains = +local_domains
>>
>>
>> Will Harrison wrote:
>>> Can we restrict mails sent from the local host to only be allowed to
>>> have their sender/from address be from a valid domain in
>>> /etc/localdomains?
>>>
>>> If a php script is used by a spammer he will usually set the from
>>> address to something other than the real domain e.g.
>>> accounts@???. As paypal.com in not listed in localdomains can
>>> we reject it?
>>>
>>> I hope I am making sence. Thanks in advance.
>>>
>>> Will
>>>
>>
>
>
--
.O.
..O
OOO
PGP key:
http://www.llorien.org/gnupg/key.pub
