> From: JDavila
> How can I prevent Sender Forgery for my server.

In almost all spam letters the sender is forged. What's the difference what the forger specified as the sender - the address of some innocent bystander or the address of the recipient? You need to block spam (not throwing the baby out with the dirty water, i.e. minimizing false positives - an honest letter erroneously classified as spam) irrespective of what is specified as the sender (except checking that the sender domain exists: verify=sender). You can safely reject if one of your domains is specified in HELO, but not if it's specified as the sender.

> A lot of people in my
> company are getting e-mails from themselves.

They should be able to get real (not spam) emails from themselves. Some mailing list servers don't change the sender. Users should receive their own messages sent to mailing lists. One of the members' complaints often quoted on mailing lists for moderators of mailing lists is that GMail discards letters with the same Message-Id as one already kept, including the copy of sent mail, so that members don't receive their own messages sent to mailing lists, so they cannot know whether the message was disapproved or edited by a moderator. Also, users should be able, for a test, to send a letter to an external forwarder which forwards the letter to the user; it's the easiest way to quickly test that both outgoing and incoming paths work at the time.

> Any Ideas will be greatly
> appreciated.

I attached my ACLs to http://wiki.exim.org/DbLessGreyListingRun
They proved to be surprisingly effective for fending off spam and viruses, though my goal was minimizing false positives.

Lena

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
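The two checks named in the reply above, written out as an Exim ACL fragment. This is an added example, not the ACLs Lena attached to the wiki; the ACL names and the named lists `local_domains` and `relay_from_hosts` are assumptions taken from Exim's default configuration file.

```exim
# Added example (not from the original post). Assumes the domainlist
# local_domains and the hostlist relay_from_hosts are already defined,
# as they are in Exim's default configuration.

# --- main section ---
acl_smtp_helo = acl_check_helo
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_helo:
  # Our own clients and relays may announce any HELO name.
  accept hosts     = +relay_from_hosts

  # An outside host that names one of our domains in HELO/EHLO is lying.
  drop   message   = HELO name $sender_helo_name is one of our own domains
         condition = ${if match_domain{$sender_helo_name}{+local_domains}}

  accept

acl_check_rcpt:
  # Sender check: only that the address can be routed (its domain exists).
  require message  = sender address could not be verified
          verify   = sender

  # Deliberately NOT configured: refusing outside mail whose sender is in
  # a local domain. The rule below would also refuse mailing-list copies
  # and external-forwarder test messages that keep the user's own address.
  #   deny sender_domains = +local_domains
  #        !hosts         = +relay_from_hosts

  # Minimal relay control so the fragment is not an open relay.
  accept domains   = +local_domains
  accept hosts     = +relay_from_hosts
  deny   message   = relay not permitted
```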
