Author: Al T. Date: To: exim-users Subject: [exim] Mail to self allowed without restrictions
I have an interesting problem I haven't been able to solve. I keep searching
for a solution but I can't seem to find an answer.
Users of my domain are required to authenticate in order to submit email.
Additionally, SPF is enabled and rejects all mail not originating from my MX
server (v=spf1 a mx -all).
I have manually tested both of these policies and they are working as they
should, except in one case: if the MAIL FROM and RCPT TO addresses are the same,
the mail is accepted without requiring authentication, and without validating
the SPF record. This means some spam gets through by simply claiming to be
from me to me.
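
A detection check for the situation described above, as an added example that is not part of the original post: it scans Exim main-log lines for messages that arrived over SMTP without an `A=` (authenticator) field and were then delivered to the same address as the envelope sender. The log lines are constructed samples and the function names are hypothetical.

```python
import re

# Constructed sample lines in Exim main-log format (not taken from the post).
SAMPLE_LOG = """\
2024-05-01 10:00:00 1s1abc-0001Xy-2B <= al@example.org H=(mx) [203.0.113.7] P=esmtp S=2210
2024-05-01 10:00:01 1s1abc-0001Xy-2B => al <al@example.org> R=localuser T=local_delivery
2024-05-01 10:00:01 1s1abc-0001Xy-2B Completed
2024-05-01 10:05:00 1s1abd-0001Xz-3C <= al@example.org H=(laptop) [198.51.100.4] P=esmtpsa A=plain_login:al S=1800
2024-05-01 10:05:01 1s1abd-0001Xz-3C => al@example.org R=localuser T=local_delivery
2024-05-01 10:06:00 1s1abe-0001Y0-4D <= bob@example.net H=mail.example.net [192.0.2.9] P=esmtps S=900
2024-05-01 10:06:01 1s1abe-0001Y0-4D => al@example.org R=localuser T=local_delivery
"""

# date, time, message id, direction flag, remainder of the line
LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->) (?P<rest>.*)$")

def address(rest):
    """Return the lower-cased envelope address that starts a log line remainder."""
    # Local deliveries may be logged as "localpart <user@domain>".
    m = re.match(r"(?:\S+ )?<([^>]+)>", rest)
    return (m.group(1) if m else rest.split()[0]).lower()

def unauthenticated_self_mail(log_text):
    """Return (message id, address, client IP) for unauthenticated mail to self."""
    arrivals, hits = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "Completed" and other lines carry no address
        msg_id, rest = m.group("id"), m.group("rest")
        if m.group("flag") == "<=":
            fields = rest.split()
            remote = any(f.startswith("H=") for f in fields)  # SMTP client, not local
            authed = any(f.startswith("A=") for f in fields)  # session used AUTH
            ip = re.search(r"\[([^\]]+)\]", rest)
            if remote and not authed:
                arrivals[msg_id] = (address(rest), ip.group(1) if ip else "")
        elif msg_id in arrivals and address(rest) == arrivals[msg_id][0]:
            hits.append((msg_id, *arrivals[msg_id]))
    return hits

if __name__ == "__main__":
    for hit in unauthenticated_self_mail(SAMPLE_LOG):
        print("unauthenticated self-addressed mail:", *hit)
```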