On Thu, 16 Sep 2004, Alan DeKok wrote:
I'm not sure how any "MAIL FROM" checking can prevent spoofing on a
shared MTA.
For a rough outline, see
http://www.cus.cam.ac.uk/~fanf2/hermes/doc/antiforgery/cam.txt
In summary: users submit email using SMTP AUTH. They are prevented from
using a bounce address that belongs to someone else (which is reasonably
easy to do with Exim). Their bounce address is modified according to BATV
or a similar scheme; the tag provides a guarantee that the message was
submitted by the authenticated user identified in the bounce address. Each
time a message is passed through the system for unauthenticated relaying
the bounce address is checked: if it's a local address it must be
correctly modified according to BATV.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
CAPE WRATH TO RATTRAY HEAD INCLUDING ORKNEY: SOUTHERLY 5 OR 6, DECREASING 4
FOR A TIME, BUT BACKING SOUTHEASTERLY AND INCREASING 6 TO GALE 8 OVERNIGHT.
RAIN LATER. GOOD BECOMING MODERATE. MODERATE OR ROUGH, OCCASIONALLY SLIGHT IN
THE MORAY FIRTH.