Peter Bowyer wrote:
> On 29/03/07, Renaud Allard <[EMAIL PROTECTED]> wrote:
>> This already works quite well without that much hassle:
>> deny
>> message = Faked paypal.com.
>> log_message = Fake paypal
>> senders = [EMAIL PROTECTED]
>> condition = ${if match
>> {$sender_host_name}{\Npaypal.com$\N}{no}{yes}}
>
> OK, but it will break when PayPal make network changes, forget to set
> up rDNS for a while, etc etc etc.... since they take the trouble to
> sign with DK, and publish SPF, why not use one of those
> standards-based mechanisms, that will scale to any other participating
> domain without you needing your own knowledge of their network?
> The thing is, any of these methods (including mine of course) require you to make a rule for each single domain, which is quite a hassle anyway. I cannot deny all mails that don't have DK. I also cannot deny all mails that fail SPF (citrix being the most notable I have seen having wrongly configured SPF). Also because some people may add servers and forget to put them in SPF or put them in prod while DNS cache is still active on some DNS. And I have to know what their rdns are to use the rules I posted. So none of these are totally safe and all require a particular configuration.
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
