> >> >If not forged ([EMAIL PROTECTED] is a real account), then you could, >for the duration of the joe-job, have IMGate reject all MAIL FROM:<> but >only for the victim domain. > >> > >This question has always been in the back of my mind. I notice a ton of mail >coming from <>. How can this be legitimate mail.
legit bounce msgs are always from <>. In the advanced config, I have a restriction class from_null_sender.class, that treats that class of msgs as suspect and applies more aggressive restrictions. The logic is: if null sender, then reject if unknown PTR reject if unknown HELO you can see where bounces for AOL would get through that filter. But a new restriction could be added to that class that reject if recipient is @uccmadison.org >Secondly how do I block all <> and/or <> sent to a specific domain. It would be simple if this worked (it doesn't): to_recipients_joejob.map: uccmadison.org reject_null_sender ... because there is no postfix "reject_null_sender". reject_unknown_sender_domain isn't applicable because there is sender domain to know about. Maybe somebody else has an idea of how implement that logic without restriction classes. Len
