Hi i have following setup: INTERNET | LINUX QMAIL SERVER (2 Interfaces, internal mail.intra.xxx.com, external mail.xxx.com) | PRIVATE NETWORK | Exchange Server server should accept all mails for *@xxx.com and route it to Exchange Server i dont want *@mail.xxx.com emails to be accepted, alerts or similar local originated mail should go to a local account or to [EMAIL PROTECTED] So i have following configfiles control/smtproutes: xxx.com:exchange control/me: mail.xxx.com control/defaultdomain: xxx.com contol/localiphost: xxx.com control/locals: mail.xxx.com localhost control/rcpthosts: xxx.com control/badmailfrom: xxx.com i also have configured tcpserver to ,RELAYCLIENT="" in the case the ip address is of my local private subnet. i am running qmail-1.03 with SPAMCONTROL and QMAILQUEUE patch. i also run qmail-scanner. MY PROBLEM: i HAVE TO dissallow mails with originator in internet (external interface), with envelope MAIL FROM: [EMAIL PROTECTED] RCPT TO: [EMAIL PROTECTED] headers should also be checked against this QUESTION: is badmailfrom the right way to do this ? is there a way to deny the message after the MAIL FROM: ? currently it is denied after RCPT TO: are my configfiles optimal for my case ? how can i tune them for optimal function? what configfiles are redundant ? i found out that this is a common problem with many internet smtp sites! this should make it into the ./config script, and into the FAQ! thanks in advance -- Philipp Lopaur