Author: Renaud Allard
Date:
To: Kevin Colagio
CC: exim-users
Subject: Re: [exim] Blocking non-existent local accounts.

Kevin Colagio wrote:
> Hey folks,
>
> We have been getting some phishing attempts where the phishers are
> forging a local address to try and give some validity to their request
> for information. The messages are not generated locally, but I
> don't want to do Sender Verifies for every message that comes in.
>
> What I'd like to do is have Exim only check local sender addresses and
> if it's not a valid address, reject the message. However, I'm not sure
> how to do this. Has anyone implemented something like this?
>
> Of course, if there's another way to do the same type of thing, I'd be
> interested in hearing it.
>
You should maybe restrict the use of your internal address to your
internal mail servers. That means not accepting mails from your domains
from unknown sources. This is cheaper to implement than callouts, but
may or may not be possible depending on your requirements.
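
The two approaches in this thread, sketched as an Exim ACL fragment. This is an added example, not part of the original messages or of either poster's configuration. It assumes the named lists `local_domains` and `relay_from_hosts` and the ACL name `acl_check_rcpt` are defined as in Exim's default configuration, and the rejection texts are illustrative.

```exim
# Added example: goes inside the ACL named by acl_smtp_rcpt
# (acl_check_rcpt in the default configuration). Both statements
# test the envelope sender (MAIL FROM), not the From: header.

acl_check_rcpt:

  # Approach from the reply: only trusted sources may use a sender
  # address in one of our own domains. Hosts in relay_from_hosts and
  # authenticated submissions pass; everything else is refused.
  # No sender verification or callout is involved.
  # Caveat: outside services that legitimately send with our domain
  # as envelope sender (forwarders, hosted applications) are refused
  # too unless they are added to relay_from_hosts.
  deny    message        = Sender in a local domain is not accepted from this host
          sender_domains = +local_domains
          !hosts         = +relay_from_hosts
          !authenticated = *

  # Approach from the question: verify the sender only when it claims
  # a local domain. Conditions are evaluated in order, so "verify" is
  # reached only after sender_domains has matched; senders in remote
  # domains are never verified. The address is run through the local
  # routers, so this is a local lookup rather than a remote callout.
  deny    message        = Unknown local sender address
          sender_domains = +local_domains
          !verify        = sender

  # ... remaining RCPT checks (recipient verification, relay control,
  # final accept/deny) continue below, unchanged.
```

Either statement works alone. If both are kept, the second only matters for trusted hosts and authenticated users, since untrusted hosts are already refused by the first.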