Re: [exim] Preventing Sender Forgery .

Góra strony
Delete this message
Reply to this message
Autor: Arkadiusz Miskiewicz
Data:  
Dla: exim-users
Temat: Re: [exim] Preventing Sender Forgery .
On Friday 22 August 2008, Oliver von Bueren wrote:
> JDavila@??? wrote:
> > How can I prevent Sender Forgery for my server. Alot of people in my
> > company are getting e-mails from themselves. Any Ideas will be greatly
> > appreciated.
>
> Only allow local domains to be used on authenticated SMTP sessions on
> the submission port.


"local domains" is the problem. People have mostly non local domains. They get
emails from outside world.

Deny mail commit from local domains without smtp auth.

  deny    message = Not allowed without SMTP AUTH 
          domains = +local_domains
          sender_domains = +local_domains
          !authenticated = *



Note this has one big weakness. You can send mail with
MAIL FROM: <outside@???>
and then still put
From: inside@???
and this will go trough.

Some $h_from rule checking would be needed, too.

-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/