No, that's not correct, the Return-Path cannot be forged with my setup, because that is created upon entering the MAIL FROM:
Since relaying-permissions depend on whether that relayer has been authorized, "external" users can only issue an MAIL FROM: that is NOT in the baddomains - file (note: my test.com is in the baddomains file, thus anyone claiming to be @test.com will be unable to send unless he previously was authorized by the POP before SMTP procedure). Thus, I want to keep my own domain in the whitelist, so that all my accounts can communicate with each other ~ they all do POP before SMTP. To rephrase my question: I would like TMDA to ignore the From: fields and any other From: - like headers and ONLY use the Return-Path - header for verification with the whitelist. Thanks On 11/3/05, Stephen Warren <[EMAIL PROTECTED]> wrote: > Flo Leibert wrote: > > Hi again, > > I forgot to add that I have of course my domain (test.com) in the > > whitelist, because user1 should be able to receive mail from user2 etc > > (lots of new users/lists, so it would be inconvenient if, once one is > > created he had to be confirmed...) ~ However, I use POP before SMTP > > authentication, thus I really need to rely on the Return-Path/RCPT TO > > and need TMDA to ignore any other From: fields. > > I still don't understand how that helps you. > > All of SMTP "mail from", Return-Path header and From header can be just > as easily forged. > > The only way to stop spammers sending email pretending to be from your > user ID, or domain, is for your mail server to block it. > > > _____________________________________________ tmda-users mailing list ([email protected]) http://tmda.net/lists/listinfo/tmda-users
