--On 17 February 2010 10:42:28 +0000 Dave Evans
<exim-users-20081202@???> wrote:
>
> Other than that, I'd look into: requiring SMTP AUTH; rate limiting;
> allowing only whitelisted sender domains. Or maybe some combination,
> like only applying rate limiting if the sender domain isn't whitelisted.
>
I'd second that. You *really* should not be relaying domains that your
customers don't own. If the domain does belong to your customer, though,
then there's no harm in doing a sender verification callout. But, you'd
still be better off requiring the customer to authenticate.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see
http://www.sussex.ac.uk/its/help/
