On Tue, 17 Sep 2013, [email protected] wrote:
> > From: Michael Deutschmann
>
> > Despite the reference to "per Hour" in the subject, I think what he's
> > asking for is not rate limiting, but making sure that all relayed mail is
> > sent "from" the mailbox assigned to the user who owns the credentials.
>
> Some honest users need to send mail with "From:" and envelope-from
> different from $authenticated_id . For example, *-owner @ yahoogroups.com,
> @ ieee.org - they don't offer outgoing relay, only incoming forwarder.

Supporting that is problematic. If the user specifies a forged envelope sender and the recipient refuses it in-transaction, you will backscatter at that envelope domain.

To avoid this, it would be quite reasonable to lock down the MAIL FROM by default, and only add narrow exceptions on explicit request.

However, if it's really essential to avoid the support calls, there are two minimal steps you can take:

First, when they are using the "correct" domain, you have nothing to lose by forcing them to use the correct local part.

If it is an outside domain, you could run an SPF check against your smarthost's own outgoing IP and the requested MAIL FROM:. If the result is softfail or fail, then it's safe to assume that domain does not approve of such use.

You can't do this with the "spf =" ACL command, but it looks like it can be done in Exim with the spf lookup (which doesn't seem to be documented anywhere...).

---- Michael Deutschmann <[email protected]>

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
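
The two checks described in the message above, sketched in Python as an added example (not part of the original post and not Exim configuration). The domain names, the smarthost IP, the SPF records and the function names are constructed; the SPF evaluator handles only ip4: and all terms, and the authenticated id is assumed to equal the mailbox local part.

```python
import ipaddress

# Constructed SPF records standing in for DNS TXT lookups (hypothetical domains).
SPF_RECORDS = {
    "lists.example.org": "v=spf1 ip4:192.0.2.0/24 -all",   # authorises the smarthost
    "strict.example.net": "v=spf1 ip4:198.51.100.7 -all",
    "soft.example.net": "v=spf1 ip4:198.51.100.7 ~all",
    "neutral.example.net": "v=spf1 ?all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_result(ip, domain):
    """Simplified SPF: evaluates only ip4: and all; other mechanisms are skipped."""
    record = SPF_RECORDS.get(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            return QUALIFIERS[qualifier]
        if term.startswith("ip4:") and addr in ipaddress.ip_network(term[4:], strict=False):
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched


def check_mail_from(auth_id, mail_from,
                    local_domain="isp.example", smarthost_ip="192.0.2.25"):
    """Return (action, envelope_sender) for an authenticated submission."""
    _, _, domain = mail_from.rpartition("@")
    domain = domain.lower()
    if domain == local_domain:
        # Own domain: force the local part that belongs to the credentials.
        return ("accept", f"{auth_id}@{local_domain}")
    # Outside domain: would that domain's SPF policy accept our outgoing IP?
    if spf_result(smarthost_ip, domain) in ("fail", "softfail"):
        return ("reject", None)
    return ("accept", mail_from)
```

Results of none or neutral are accepted here because the message only treats softfail and fail as a signal that the domain disapproves.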
