On Friday 22 August 2008, Oliver von Bueren wrote:
> JDavila@??? wrote:
> > How can I prevent Sender Forgery for my server. Alot of people in my
> > company are getting e-mails from themselves. Any Ideas will be greatly
> > appreciated.
>
> Only allow local domains to be used on authenticated SMTP sessions on
> the submission port.
"local domains" is the problem. People have mostly non local domains. They get
emails from outside world.
Deny mail commit from local domains without smtp auth.
deny message = Not allowed without SMTP AUTH
domains = +local_domains
sender_domains = +local_domains
!authenticated = *
Note this has one big weakness. You can send mail with
MAIL FROM: <outside@???>
and then still put
From: inside@???
and this will go trough.
Some $h_from rule checking would be needed, too.
--
Arkadiusz Miśkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/
