[exim] Re: Is sender verification possible on a server that …

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Slavko
Date:  
À: exim-users
Sujet: [exim] Re: Is sender verification possible on a server that is used as a smarthost?
Dňa 5. októbra 2023 13:29:46 UTC používateľ Mario Emmenlauer via Exim-users <exim-users@???> napísal:

>Yes, this is something I did not really consider :( But after the
>suggestions here on the list I can value this. I'll go for an approach
>that keeps the addresses routable. Thanks for pointing that out!


I use dnsmasq for my LANs, it acts as DNS + DHCP (and in some
+ TFTP, but that is unrelated). The dnsmasq can serve MX record
for all its entries (hosts registered either via DHCP or from
/etc/hosts or eqivalent files) and assign static MX records. The
some hosts are running own MTA (for various reasons), these has
its own MX record in dnsmasq, thus overrides autogenerated one.

I use custom TLD, but i will not suggest that (it is historical, from
time when TLD list was limited). Use either dedicated subdomain
of own domain or use home.arpa.

All my hosts are managed under that DNS zone, and all have MX
pointed to dedicated MTA. That dedicated MTA handles host's
FQDN as wildcard domain, and all these addresses are redirected
(delivered) to dedicated (admin) mailbox without address rewriting.
(in some LANs i even encrypt them and resend via public mail, but
that is another story)

These hosts are not assumed to regulary get emails, but in case
of bounce, it is delivered to admin, thus noticed. As the host's
names are part of sender (and From:) domain, here is no problem
to know from which host it comes. But hostname in subject is
better, as some MUAs shows sender address by too small
font.

Do not rewrite sender allow me to sort emails by sender on
IMAP server, but i usually prefer to sort them by subject.

Do not rely on that only services can send emails, especially
on desktops. Anyone can use exim via stdin (or eg. mailx) to
send mails, thus make sure to restrict it in nonSMTP ACL.

regards


--
Slavko
https://www.slavino.sk/

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/