Kevin Colagio wrote:
Hey folks,We have been getting some phishing attempts where the phishers are forging a local address to try and give some validity to their request for information. The messages are not generated locally, but but I don't want to do Sender Verifies for every message that comes in.What I'd like to do is have Exim only check local sender addresses and if it's not a valid address, reject the message. However, I'm not sure how to do this. Has anyone implemented something like this?Of course, if there's another way to do the same type of thing, I'd be interested in hearing it.
You should maybe restrict the use of your internal address to your internal mail servers. That means not accepting mails from your domains from unknown sources. This is cheaper to implement than callouts, but may or may not be possible depending on your requirements.
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
