Re: [exim] Sender Verification

Top Page
Delete this message
Reply to this message
Author: Ian Eiloart
Date:  
To: Dave Evans, exim-users
Subject: Re: [exim] Sender Verification


--On 17 February 2010 10:42:28 +0000 Dave Evans
<exim-users-20081202@???> wrote:

>
> Other than that, I'd look into: requiring SMTP AUTH; rate limiting;
> allowing only whitelisted sender domains. Or maybe some combination,
> like only applying rate limiting if the sender domain isn't whitelisted.
>


I'd second that. You *really* should not be relaying domains that your
customers don't own. If the domain does belong to your customer, though,
then there's no harm in doing a sender verification callout. But, you'd
still be better off requiring the customer to authenticate.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/