In that case, this leads to another question -- how, then, to reliably whitelist eBay? I would imagine they are a big target of forgers? I tried
def_whitelist_from_rcvd [EMAIL PROTECTED] ebay.com
but that didn't work. Now I just have
whitelist_from [EMAIL PROTECTED] yes
With IP addresses is there a greater chance of the server (theirs) crashing, and now the whitelist doesn't account for the backup mail server? Or if a company uses more than one mail server... getting all the IPs? Is this just something I should email support at eBay for and see if they've got something of a canned response for this?
Any ideas why my first whitelist_from_rcvd rule might not have worked? It's in a custom rules file I have (TireSwing.cf)... I linted, and all seemed fine??
Thanks, Andy
At 11:32 am 2004-12-14, Rob McEwen wrote:
Wouldn't the best options be to whitelist the sending server's IP address (209.237.227.199).
"FROM" values can be forged, both in the e-mail and in the SMTP envelope.
(Of course, we'd be in big trouble if the apache server were hacked or virus infected... but I'm assuming that the security there is top notch...)
Rob McEwen
