On Friday, July 08, 2011 09:19:15 am mailing@??? wrote:
> On 07/07/2011 22:13, Jeremy Harris wrote:
> > On 2011-07-07 19:32, mailing@??? wrote:
> >> Hello, I'm trying to verify the sender of my messages so that my
> >> users (authenticated) can't send with FROM something like
> >> user@???, but with the real and public email address. But
> >> actually every senders is accepted. This is my ACL, I suppose that
> >> deny !verify = sender/callout (or without callout) will do the job,
It will work, but only if you've got your routers set properly. Verifying
senders (or recipient for that matter) is just a way to see if one of your
routers is prepared to deliver to the address. If "exchange.local" is a valid
DNS name in your internal network, a DNSLookup router will at least try to
deliver mail there.
Given that you picked "exchange.local" for the example, I'm supposing you're
talking about Microsoft Exchange. The exchange box may well accept the
address, since it that's its domain name (by default, Exchange does accept
then bounce, so "callout" is useless - it will accept all local parts).
As a quick fix you could probably just have an acl like
deny ! sender_domains = +acceptable_domains
although that won't help for local parts. To be sure, you need have either a
list of valid addresses (flat file database/ LDAP etc), or fix the callout target
to not accept-then-bounce.
If you give a bit of detail about your setup, I'm sure we'll figure the best
course of action.
Ben
