Re: [exim] stopping spam with forged from:

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Evgeniy Berdnikov
Data:  
Para: exim-users
Assunto: Re: [exim] stopping spam with forged from:
On Wed, May 25, 2022 at 05:45:51PM +0200, Cyborg via Exim-users wrote:
> but, a valid user would use SMTP-Auth which the spammer won't use.


Many sites (millions, I think) do not use SMTP auth for their users,
because local user can be identified by ip-address of mail client.

> so the test:  ( From == To || From in To || From in CC )  &&
> SMTP-AUTH==FALSE  would be a valid methode IMHO.


Valid mail with ( From == To || From in To || From in CC ) can be relayed
from external, by manual redirection or automatical forward.

> It ofcourse requires the use of amtp-auth, but that should be enabled anyway
> or the server will become or is an open relay for anyone.


Policy "allow relaying from my networks and deny from others" is sufficient.
It used by default in many distributions, without SMTP auth.
--
Eugene Berdnikov