Yes, there's a setting:
g_from_exact - Check from matches authenticated user
Check from matches authenticated user. If user is not authenticated the
setting is skipped.
Should be used with g_from_bounce "true" which basically forces them to
authenticate and then makes this setting work properly.
Syntax: g_from_exact bool
On 09/20/2013 05:46 PM, David Camm wrote:
> been a fun few days :-(
> the reason i sent my previous post about being blocked by sorbs was that
> a customer had two workstations compromised with a trojan which
> succeeded in giving the hackers the passwords to their email accounts.
> using this information, they were able to authenticate and send large
> quantities of spam. tracing a bunch of the originating ip addresses, the
> majority of the connections came from ukraine or the russian federation
> (why am i not surprised???)
> of course, cleaning the infected systems and changing the account
> passwords stopped this.
> the spammers used a different from address for each email instance. they
> would use HIDDEN@main.com, firstname.lastname@example.org, email@example.com, etc.
> HOWEVER, looking at the emails before i deleted them from the queue,
> there was an x-authenticated-user header, which contained the address of
> the hacked account (say, HIDDEN@domain.com).
> clearly the from address and the authenticated user address were different.
> it seems to me that there are no 'legal' instances where these two
> addresses would be different.
> while more and more customers are using imap on their mobile devices,
> these devices still send using smtp (i believe). therefore using
> settings which restrict smtp_auth to a given ip set couldn't work.
> we universally require smtp authorization.
> if there's a config setting which says: "on send, if envelope from is
> NOT authenticated user address, drop the send then disconnect" i'd
> appreciate knowing what it is.
> if no such setting exists, does it make sense to implement it?
> david camm
> advanced web systems
> keller, tx
EAS Enterprises LLC
World Class Web and Email Hosting Solutions
IPv6 ready today for your needs of tomorrow!
Ask us about dual-stacking your site
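Added example, not part of the original thread and not the mail server's own code: a queue triage check that compares each message's From address with its x-authenticated-user header and lists accounts sending under several foreign addresses, the pattern described in the quoted message. It assumes the header holds a bare address and that queued messages are readable as RFC 5322 text; the sample messages and function names are constructed for illustration.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample queue contents (not real traffic).
SAMPLE_QUEUE = [
    "From: Alice <alice@example.com>\nX-Authenticated-User: alice@example.com\nSubject: report\n\nhi\n",
    "From: promo@example.net\nX-Authenticated-User: bob@example.com\nSubject: deal\n\nspam\n",
    "From: \"Win Now\" <offers@example.org>\nX-Authenticated-User: bob@example.com\nSubject: deal 2\n\nspam\n",
    "From: BOB@Example.com\nX-Authenticated-User: bob@example.com\nSubject: lunch\n\nok\n",
    "From: relay@example.com\nSubject: unauthenticated\n\nno auth header\n",
]

def _addr(value):
    """Return the bare, lower-cased address from a header value ('' if none)."""
    return parseaddr(value or "")[1].strip().lower()

def find_mismatches(raw_messages):
    """Map authenticated user -> set of From addresses that differ from it.

    Messages without an X-Authenticated-User header are skipped, mirroring
    the documented behaviour that the check is skipped when the user is
    not authenticated.
    """
    hits = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        auth = _addr(msg.get("X-Authenticated-User"))
        if not auth:
            continue
        sender = _addr(msg.get("From"))
        if sender != auth:  # comparison is case-insensitive via _addr()
            hits[auth].add(sender)
    return dict(hits)

def suspect_accounts(raw_messages, min_distinct=2):
    """Accounts sending under at least min_distinct foreign From addresses."""
    return sorted(user for user, senders in find_mismatches(raw_messages).items()
                  if len(senders) >= min_distinct)

if __name__ == "__main__":
    for user, senders in find_mismatches(SAMPLE_QUEUE).items():
        print(user, "->", sorted(senders))
```

Accounts returned by suspect_accounts() are candidates for a password reset and workstation check, the same cleanup the quoted message describes.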