On Wed, Jul 29, 2009 at 03:03:43PM +0100 I heard the voice of Clunk Werclick, and lo! it spake thus: > > My apologies for the terse caveat. As I understand it, there are > some external mail services that roaming users may use that forward > mail into your Postfix claiming to be from your domain. Myself I do > not use this.
The problem doesn't come from what you use, but from what any of your users may somewhere use. Imagine you are example.com, and have two users, a...@example.com, and b...@example.com. a...@example.com sends mail to b...@someother.domain (which you don't control, and know nothing about, short of looking up its MX record and sending the mail on its way). But b...@someother.domain is just a forwarder and forwards the mail on to b...@example.com. That forwarder won't (and quite probably _shouldn't_) change the envelope sender. Suddenly, you have mail from "outside", with an envelope sender that's you, but is perfectly legitimate. And pretty common. If you know all your users and know none of them do any such thing, filtering it works great. But if you're not absolutely sure, you could be setting out landmines. -- Matthew Fuller (MF4839) | fulle...@over-yonder.net Systems/Network Administrator | http://www.over-yonder.net/~fullermd/ On the Internet, nobody can hear you scream.
