--On 24 September 2009 08:01:24 +0200 janek <janek.fc5@???> wrote:
> Some more info how to do it please - I'm really not good at configuring
> exim.
>
> Reason for rewriting From: header inside email with MAIL FROM: is anti
> mail sender spoof. MAIL FROM: gets verified in smtp session, from: header
> does not. Gmail does such rewriting. Other servers do not and you can
> send email using their service while signing as any sender. I realize
> that such rewrite is not with accordance with rfc-s but many things can't
> be those time when fighting abusers.
This is something that you can (and perhaps should, depending on your
circumstances) do when the email is a submission email (that it, you know
that the sender address is not spoofed). We do that for local and
authenticated submissions, but allow individuals to opt out.
There's no point doing it for untrusted email (arriving from another site).
You have no more reason to trust the sender address than the "From:"
header. If you do think there's a problem with the "From:" header, then
rejecting the mail may be the best thing to do.
Implementation details: use headers_remove and headers_add, but only after
you've determined that the message really is from a local user.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see
http://www.sussex.ac.uk/its/help/