Mark Turrin <[EMAIL PROTECTED]> writes:
> Isn't there a way to deny mail that spoofs your own address by
> checking the IP# of the connecting machine. If the machine's IP#
> isn't in your domain the mail address is forged and should be
> rejected.
>
> It seems that this kind of checking should be something the MTA
> would handle straight away before tmda even sees the mail.
> Authentic mail from [EMAIL PROTECTED] would have to connect from a
> machine in your pool of IP numbers.

Yes, exactly. In Postfix, I accomplish this using the following:

In main.cf,

    smtpd_recipient_restrictions =
        permit_mynetworks,
        check_sender_access hash:/etc/postfix/sender_checks,
        [...]

And then in /etc/postfix/sender_checks:

    [EMAIL PROTECTED] DISCARD

So the ``permit_mynetworks'' setting takes precedence and allows me to
send mail from [EMAIL PROTECTED] as long as I'm doing so from within
my network. Other attempts (obviously forgeries) are discarded. I
DISCARD rather than REJECT, because otherwise [EMAIL PROTECTED] would
get back the rejection message which would sort of defeat the purpose.

> Does qmail do this?

TMDA FAQ 4.10 lists two workarounds for qmail.
http://tmda.net/faq.cgi?req=show&file=faq04.010.htp

_____________________________________________
tmda-users mailing list ([EMAIL PROTECTED])
http://tmda.net/lists/listinfo/tmda-users
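
The ordering described in the message above, modelled as an added example (not part of the original post and not Postfix code): restrictions are tried in order and the first one that returns an action decides. The networks, the address me@example.org and the function names are constructed assumptions, and only exact-address lookups in the sender map are modelled.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the original message).
MYNETWORKS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
SENDER_CHECKS = {"me@example.org": "DISCARD"}  # stands in for sender_checks


def permit_mynetworks(client_ip, sender):
    """Return PERMIT when the connecting client is inside mynetworks."""
    ip = ipaddress.ip_address(client_ip)
    return "PERMIT" if any(ip in net for net in MYNETWORKS) else None


def check_sender_access(client_ip, sender):
    """Look up the envelope sender in the map (exact address match only)."""
    return SENDER_CHECKS.get(sender.lower())


def evaluate(restrictions, client_ip, sender):
    """First restriction that returns an action wins.

    DUNNO here means "no decision from the modelled entries"; the
    restrictions elided as [...] in the message would decide next.
    """
    for restriction in restrictions:
        action = restriction(client_ip, sender)
        if action is not None:
            return action
    return "DUNNO"


# Order used in the message: trusted networks first, then the sender map.
ORDER_FROM_POST = [permit_mynetworks, check_sender_access]
# Reversed order, to show why the position of permit_mynetworks matters.
REVERSED = [check_sender_access, permit_mynetworks]

if __name__ == "__main__":
    cases = [
        ("192.0.2.10", "me@example.org"),      # own address, inside network
        ("203.0.113.5", "me@example.org"),     # own address, outside network
        ("203.0.113.5", "other@example.net"),  # unrelated sender, outside
    ]
    for ip, sender in cases:
        print(ip, sender,
              "post order:", evaluate(ORDER_FROM_POST, ip, sender),
              "reversed:", evaluate(REVERSED, ip, sender))
```

With the reversed list, mail sent from inside the network under the protected address is discarded as well, which is why permit_mynetworks has to come before the sender map.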