On Tue, Dec 23, 2008 at 09:38:22AM +0000, Peter Bowyer said: > 2008/12/22 Matthew Newton <[email protected]>: > > On Mon, Dec 22, 2008 at 07:44:49AM -0800, [email protected] wrote: > >> You might want to look into implementing SPF. It would catch any mail > >> forged from your domain. www.openspf.org > > > > Probably more reliable to configure BATV, which will refuse all > > bounces if they are not arriving at a 'signed' address. Immediate > > fix for the joe-job problem. > > ... with the caveat that all outgoing mail must be signed, implying > that it (probably) all needs to flow out through the same MTA. > Otherwise you risk rejecting bounces to mail that was sent genuinely > but not BATV-signed (which may or may not be important depending on > the implementation).
BATV is a standard, so if you have two MTAs implementing it correctly, it shouldn't matter which one the mail left from. This is, of course, only in theory - I am quite sure someone will manage to come up with a case where this breaks :) Cheers, -- -------------------------------------------------------------------------- | Stephen Gran | In God we trust; all else we walk | | [email protected] | through. | | http://www.lobefin.net/~steve | | -------------------------------------------------------------------------- -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
