I have an interesting problem I haven't been able to solve. I keep searching for a solution but I can't seem to find an answer.
Users of my domain are required to authenticate in order to submit email. Additionally, SPF is enabled and rejects all mail not originating from my MX server (v=spf1 a mx -all).

I have manually tested both of these policies and they are working as they should, except in one case: if the MAIL FROM and RCPT TO addresses are the same, the mail is accepted without requiring authentication, and without validating the SPF record. This means some spam gets through by simply claiming to be from me to me.

Any ideas why Exim does that and how to block it?

--
Al T. [email protected]
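A repeatable form of the manual test described in the post, as an added example that is not part of the original message: it opens unauthenticated SMTP sessions, offers three envelopes and records the reply codes without sending DATA. The addresses, the host name and the `probe` and `policy_gaps` helpers are assumptions; run it against your own server from a host that the domain's SPF record does not authorise.

```python
import smtplib

# Constructed sample addresses; replace with mailboxes on the domain under test.
LOCAL = "user@example.org"
OTHER_LOCAL = "other@example.org"
OUTSIDE = "someone@example.net"

# (label, MAIL FROM, RCPT TO); every case is attempted WITHOUT authentication.
CASES = [
    ("local sender to same local address", LOCAL, LOCAL),
    ("local sender to other local address", LOCAL, OTHER_LOCAL),
    ("local sender to outside address", LOCAL, OUTSIDE),
]


def probe(host, cases=CASES, port=25, smtp_factory=smtplib.SMTP):
    """Return {label: (mail_code, rcpt_code)} for each envelope. No AUTH, no DATA."""
    results = {}
    for label, sender, rcpt in cases:
        conn = smtp_factory(host, port, timeout=15)
        try:
            conn.ehlo()
            mail_code, _ = conn.mail(sender)
            # Offer RCPT TO only if MAIL FROM was accepted (2xx).
            rcpt_code = conn.rcpt(rcpt)[0] if 200 <= mail_code < 300 else None
            conn.rset()  # abandon the transaction; nothing is delivered
        finally:
            try:
                conn.quit()
            except smtplib.SMTPException:
                pass  # server already closed the session
        results[label] = (mail_code, rcpt_code)
    return results


def policy_gaps(results):
    """Labels whose whole envelope was accepted without authentication."""
    return sorted(
        label for label, (mail_code, rcpt_code) in results.items()
        if rcpt_code is not None
        and 200 <= mail_code < 300 and 200 <= rcpt_code < 300
    )


if __name__ == "__main__":
    # "mail.example.org" is a placeholder for the server under test.
    outcome = probe("mail.example.org")
    for label, codes in outcome.items():
        print(label, codes)
    print("accepted without auth:", policy_gaps(outcome))
```

A 2xx reply at RCPT TO does not rule out a rejection at the DATA stage, so an envelope listed here still needs a check against the server's reject log before it is treated as a confirmed gap.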
