Re: [exim] Preventing Sender Forgery .

Author: Mike Cardwell
Date:  
To: exim-users
Subject: Re: [exim] Preventing Sender Forgery .
Jeroen van Aart wrote:

>>> How can I prevent Sender Forgery for my server? A lot of people in my
>>> company are getting e-mails from themselves. Any ideas will be greatly
>>> appreciated.
>>>
>> Only allow local domains to be used on authenticated SMTP sessions on
>> the submission port. I'm doing this here since a long time with no
>
> You can't really stop forging the From: that way.


You can. In DATA acl:

deny message = Not allowed without SMTP AUTH
      condition = ${if match_domain{${domain:$h_From:}}{+local_domains}}
      !authenticated = *


> Neither will SPF stop
> forging email headers. Nothing really will, except a total redesign of
> the SMTP protocol or a totally new protocol.


DKIM could stop people forging your domain in headers to a certain
extent. People need to start using it more first though.

> Grey listing and other spam filtering techniques will help a lot. Since
> emails with forged headers almost solely are from spammers you will
> block many forged emails that way.


Aye.

Mike
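
Added example, not part of the original message and not Exim code: a small Python model of the decision the DATA ACL above makes, run over constructed messages. LOCAL_DOMAINS, example.com, the function names and the use of Python's address parser in place of Exim's ${domain:...} operator are all assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: stand-in for the +local_domains list in the Exim configuration.
LOCAL_DOMAINS = {"example.com"}

def from_domain(raw_message):
    """Domain of the first From: address, lowercased; "" if nothing parses."""
    msg = message_from_string(raw_message)
    addrs = getaddresses(msg.get_all("From", []))
    if not addrs:
        return ""
    local, sep, domain = addrs[0][1].rpartition("@")
    return domain.lower() if sep and local and domain else ""

def data_acl_verdict(raw_message, authenticated):
    """Mirror of the rule: deny when the From: domain is local and the
    session did not use SMTP AUTH; otherwise fall through to accept."""
    if from_domain(raw_message) in LOCAL_DOMAINS and not authenticated:
        return "deny: Not allowed without SMTP AUTH"
    return "accept"

# Constructed sample messages: (label, raw message, session authenticated?)
SAMPLES = [
    ("local From, no AUTH",
     "From: Alice <alice@example.com>\nTo: bob@example.com\n\nhello\n", False),
    ("local From, with AUTH",
     "From: Alice <alice@example.com>\nTo: bob@example.com\n\nhello\n", True),
    ("local From in upper case, no AUTH",
     "From: alice@EXAMPLE.COM\nTo: bob@example.com\n\nhello\n", False),
    ("external From, no AUTH",
     "From: Carol <carol@other.test>\nTo: bob@example.com\n\nhello\n", False),
    # An empty domain matches nothing in the list, so the rule does not fire.
    ("no From header, no AUTH",
     "To: bob@example.com\nSubject: x\n\nhello\n", False),
]

def evaluate_samples():
    """Return (label, verdict) for every constructed sample."""
    return [(label, data_acl_verdict(raw, auth)) for label, raw, auth in SAMPLES]

if __name__ == "__main__":
    for label, verdict in evaluate_samples():
        print(f"{label:36} -> {verdict}")
```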