2008/12/23 Stephen Gran <st...@lobefin.net>:
> On Tue, Dec 23, 2008 at 09:38:22AM +0000, Peter Bowyer said:
>> 2008/12/22 Matthew Newton <m...@leicester.ac.uk>:
>> > On Mon, Dec 22, 2008 at 07:44:49AM -0800, dan_mit...@ymp.gov wrote:
>> >> You might want to look into implementing SPF. It would catch any mail
>> >> forged from your domain. www.openspf.org
>> >
>> > Probably more reliable to configure BATV, which will refuse all
>> > bounces if they are not arriving at a 'signed' address. Immediate
>> > fix for the joe-job problem.
>>
>> ... with the caveat that all outgoing mail must be signed, implying
>> that it (probably) all needs to flow out through the same MTA.
>> Otherwise you risk rejecting bounces to mail that was sent genuinely
>> but not BATV-signed (which may or may not be important depending on
>> the implementation).
>
> BATV is a standard, so if you have two MTAs implementing it correctly,
> it shouldn't matter which one the mail left from. This is, of course,
> only in theory - I am quite sure someone will manage to come up with a
> case where this breaks :)

Sure - but the problem case is when mail is originated outside of the
domain of control - like this message, for example, from Gmail. Who
don't sign return paths with BATV.

Peter

--
Peter Bowyer
Email: pe...@bowyer.org
Follow me on Twitter: twitter.com/peeebeee
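
The caveat discussed in this thread, as an added example that is not part of the original posts: a sketch of BATV signing and bounce checking which shows that a bounce to mail sent through a relay that does not sign is rejected even though the mail was genuine. It assumes the `prvs=KDDDSSSSSS=local@domain` layout from the BATV draft (three-byte HMAC-SHA1 tag over key number, expiry day and original sender); the key, addresses and day number are constructed.

```python
import hashlib
import hmac
import re

# Constructed secret: every MTA sending for the domain must share it,
# otherwise bounces to mail signed elsewhere fail verification.
SECRET = b"constructed-example-key"
MAX_LIFETIME = 7  # days a signed return path stays valid (assumed policy)
PRVS_RE = re.compile(r"^prvs=(\d)(\d{3})([0-9a-f]{6})=(.+)$", re.I)


def _tag(key_num, day, sender):
    """First three bytes (hex) of HMAC-SHA1 over K, DDD and the sender."""
    msg = f"{key_num}{day:03d}{sender}".encode()
    return hmac.new(SECRET, msg, hashlib.sha1).digest()[:3].hex()


def sign(sender, today, key_num=0):
    """Return the signed envelope sender used on outgoing mail.

    today is the day number (days since 1970-01-01).
    """
    local, domain = sender.rsplit("@", 1)
    day = (today + MAX_LIFETIME) % 1000
    return f"prvs={key_num}{day:03d}{_tag(key_num, day, sender)}={local}@{domain}"


def check_bounce(rcpt, today):
    """Verdict for a null-sender (bounce) message addressed to rcpt."""
    local, domain = rcpt.rsplit("@", 1)
    m = PRVS_RE.match(local)
    if not m:
        # Forged joe-job bounce, or genuine mail sent via an unsigned relay:
        # the receiver cannot tell these two apart.
        return "reject: unsigned"
    key_num, day, tag, orig_local = int(m[1]), int(m[2]), m[3].lower(), m[4]
    expected = _tag(key_num, day, f"{orig_local}@{domain}")
    if not hmac.compare_digest(tag, expected):
        return "reject: bad signature"
    if (day - today) % 1000 > MAX_LIFETIME:
        return "reject: expired"
    return "accept"


if __name__ == "__main__":
    today = 14236  # constructed: day number for 2008-12-23
    signed = sign("peter@example.org", today)
    print(signed, "->", check_bounce(signed, today))
    print("peter@example.org ->", check_bounce("peter@example.org", today))
```
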