Hi OpenSMTPD users, I really love your smtpd. I would like to find a way to avoid MAIL-FROM and From header forgery.
First things first, MAIL-FROM forgery: these are my match directives. How can I avoid people sending messages not from local, not authenticated, to my domain? match for local action "local" match from local for any action "relay" match from auth for any action "relay" match from any for rcpt-to <mail-recipients> action "local" I tried adding match ! from auth mail-from "@domain.it" reject before the last match directive, but it did not make any difference. I could still spoof MAIL-FROM from other mail servers, sending the message as if I were from @domain.it, even if I was really sending it from @otherdomain.it. Could you please help me out? Thank you very much. -- Matteo Bini
