On 11:59 AM, Charles Marcus wrote: > On 2012-01-14 12:23 PM, IVO GELOV (CRM) <[email protected]> wrote: >> I have downloaded the latest version 4.0 - but it seems there is no >> way to prevent spammers to use forged email addresses. I decided to >> remove the vacation feature from our corporate mail server, because >> it actually opens a backdoor (even though only when someone decides >> to activate his vacation auto-reply) for spammers and puts a risk on >> the company (our server can be blacklisted). > > Sorry, I misread your message... > > However, (I *think*) there *is* a simple solution to your problem, if I > now understand it correctly... > > Simply disallow anyone sending from an email address in your domain from > sending without SASL_AUTHing...
I don't see how this will help. The scenario the OP is concerned about is [email protected] sends a message with forged From: and maybe envelope sender [email protected] to his user on vacation. The vacation program sends an autoresponse to the victim. However, why worry about this minimal backscatter? A good vacation program will not send more that one autoresponse per long time (a week?) for a given sender/recipient and won't include the original spam payload. So, even though a spammer might use this backdoor to cause your server to send messages to multiple recipients, the messages should not have spam payloads and shouldn't be sent more that once to a given end recipient. -- Mark Sapiro <[email protected]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
