> In our current configuration of "relay mail for addresses", someone
> on the trusted IP's can send email from: [EMAIL PROTECTED] to:
> [EMAIL PROTECTED] without any problems. We want to stop this.
Actually, it's not just the trusted IPs: anybody using SMTP AUTH can
also do this. It's a lot more difficult for this to happen "by
accident" when you require AUTH, as users would have to deliberately
specify a different AUTH username from the sender address in their
MUA.
If you want to stop casual abusers, you might want to try an Outbound
Rule searching for:
SENDER DOES NOT CONTAIN '@example.com' AND
FROM DOES NOT CONTAIN '@example.com' AND
HEADERS DO NOT CONTAIN 'SMTP32-FWD'
This is untested, but I think this will be relatively unobtrusive
(that is, it won't stop all spoofed mail, but should have a
non-negligible deterrent effect with minimal FPs).
--Sandy
------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]
SpamAssassin plugs into Declude!
http://www.mailmage.com/download/software/freeutils/SPAMC32/Release/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
