--On 17 February 2010 10:42:28 +0000 Dave Evans <[email protected]> wrote:
> > Other than that, I'd look into: requiring SMTP AUTH; rate limiting; > allowing only whitelisted sender domains. Or maybe some combination, > like only applying rate limiting if the sender domain isn't whitelisted. > I'd second that. You *really* should not be relaying domains that your customers don't own. If the domain does belong to your customer, though, then there's no harm in doing a sender verification callout. But, you'd still be better off requiring the customer to authenticate. -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
