On 05/04/07, Joseph <lists@???> wrote: > Peter Bowyer wrote:
> > On 05/04/07, Joseph <lists@???> wrote:
> >> Trying to setup a small setup where only email from a domain list or
> >> user@domain list will be excepted.
> >>
> >> Any one have tips or pointers on how to check both things in the same acl?
> >
> > accept sender_domains = /path/to/list.of.domains
> > accept senders = /path/to/list.of.senders
> > deny
> >
> > Bear in mind that both sender and sender domain are trivially forged.
>
> Is there a way to verify that the sender domain and the sending ip match
> via the mx?
This is unsafe in general use, since very many sites will send mail
from servers which are not MXs for the sender domain. If you're only
doing it for a restricted list of domains for which you know this
doesn't apply, you can use the dnsdb lookup type... I can never
remember how that works, so someone else will have to help you with
that.