It will check the actual sender, the one in the "MAIL FROM:" SMTP negotiation. This is the "return-path".
Of course, if your php scripts send everything as "[EMAIL PROTECTED]" (php mail() function I think) this won't be a good solution. So you should use a php function which speaks SMTP and force php devs to use it. If you require that this happens with the "From:" header, you will have to use a regexp in the data acl. Will Harrison wrote: > Thank you Renaud > > Will this actually check the "From:" header or just the actual sender? > > Thanks again > > Will > > Renaud Allard wrote: >> Of course, with something like that it should work: >> >> acl_check_rcpt: >> >> accept >> hosts = : >> endpass >> message = Sending mails from $sender_address_domain is >> not permitted >> sender_domains = +local_domains >> >> accept >> authenticated = * >> endpass >> message = Sending mails from $sender_address_domain is >> not permitted >> sender_domains = +local_domains >> >> >> Will Harrison wrote: >>> Can we restrict mails sent from the local host to only be allowed to >>> have their sender/from address be from a valid domain in >>> /etc/localdomains? >>> >>> If a php script is used by a spammer he will usually set the from >>> address to something other than the real domain e.g. >>> [EMAIL PROTECTED] As paypal.com in not listed in localdomains can >>> we reject it? >>> >>> I hope I am making sence. Thanks in advance. >>> >>> Will >>> >> > > -- .O. ..O OOO PGP key: http://www.llorien.org/gnupg/key.pub
signature.asc
Description: OpenPGP digital signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
