Oliver von Bueren wrote: <trimmed)
> A clean way without any risk is probably not possible. If you have a > list of members and only inform them if they send a message to the > noreply@ address, this reduces the risk quite a lot. But then why would > you want to do that if you can limit the senders which can send you mail > to that email address then anyway? It only annoys to do it through a web > page and not just use regular email to get in contact with a company one > does business with anyway. > A 'reasonably clean' way - presuming one is already running a Mailing List Manager, is to establish a specialized internal list with at least your 'responsible party' as a member, and at most, a team of several folks, such as sales or helpdesk staff. IF the 'main' list(s) are set closed, optionally 'no post' (outbound only), AND the messages show the 'internal' list address as the from and reply-to, AND the internal list allows members of the main list(s) to post to it... THEN you'll have a valid address to the smtp world, YET handle any restrictions (such as 'must be a member of ..' within your MLM, rahter than askign Exim to make the choices. Not a great deal more work can insure that a closed-post list is not abused for backscatter bouncing of spam. As always, there should also be a working postmaster@ for each domain, but the above trick will at least separate membership traffic into a separately managed category, making it easier to keep the member on-side. > To implement such a solution, you'd probably have to build some ACL for > the RCPT part to only accept messages to that address from a list of > given sender addresses and then implement the autoreply. For some > examples of autoreply check out this faq wiki entry: > http://wiki.exim.org/EximAutoReply > > For the ACL in the acl_smtp_rcpt part you could start with something > like this... (not tested!) > > deny message = This address can only be used by registered > members. > recipients = [EMAIL PROTECTED] > senders = ! /list/to/addresses > > This causes a message sent to [EMAIL PROTECTED] not coming from an > address listed in the file (one address per line) to be rejected with > the given reason. > .. essentially duplicating what the MLM (as above) can do, and arguably earlier in the process and more efficiently. HOWEVER - any MLM still has a lage set of other handling options, many of them menu/box-tick configurable. Chief among these is simply the management of subscribe+confirm and unsubscribe properly, auto-pruning members who cannot be reached after 'n' attempts over 't' time, etc. Well-known behaviour patterns, ease of admin, and active admin/developer groups are good reasons to use an MLM rather than reinvent one within Exim. YMMV, Bill Hacker > This is not fool prof either, as the sender address can always be forged. > > Oliver > -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
