Hi,

I have a setup whereby we check for spoofing. That is, anyone using an
envelope from in our domain is blocked. In a similar fashion we stop our
own hosts from spoofing others. 

For reference: 
- external spoofing:
check_sender_access: mysql /etc/postfix/mysql-spoofing.cf
- internal spoofing:
check_client_access + check_sender_access (by use of custom restriction class)

This works fine, and as I see it there is no reason why anyone should
ever use spoofing (of a domain, not their own).

However, as things go in business, we have the request that:
- We must allow internal hosts to spoof (e.g. gmail)
- We must allow other parties to spoof us (marketing e-mails sent out by
  bulk hosts)

In effect removing these restrictions (or introducing exceptions that
open up complete network segments). 

Input from the marketing company reads: It is common to do this. (My
internal voice says: for spam hosts you mean).

My question in short:
Should I allow this? They can put in the header whatever they want as
  long as they leave the envelope sane.



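A model of the envelope-sender policy described in the message above, as an added example that is not part of the original post: each exception is a (client network, envelope sender domain) pair instead of a whole segment, and an audit lists entries broad enough to open one. It is Python, not Postfix configuration; all domains, addresses and the 8-address threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample policy data (assumptions, not from the post).
OUR_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
# Each exception ties one client network to one envelope sender domain.
EXCEPTIONS = [
    ("192.0.2.25/32", "example.com"),  # bulk host allowed to send as us
    ("10.1.2.3/32", "gmail.com"),      # one internal host allowed to send as gmail.com
    ("10.1.0.0/16", "gmail.com"),      # over-broad: a whole segment
]
MAX_ADDRESSES = 8  # hypothetical threshold for "too broad"


def sender_domain(envelope_from):
    """Domain part of the envelope sender; empty for the null sender (bounces)."""
    return envelope_from.strip("<>").rpartition("@")[2].lower()


def decide(client_ip, envelope_from):
    """Return OK / OK (exception) / REJECT for one client and envelope sender."""
    ip = ipaddress.ip_address(client_ip)
    domain = sender_domain(envelope_from)
    if not domain:
        return "OK"  # null sender: never treat bounces as spoofing
    internal = any(ip in net for net in INTERNAL_NETS)
    ours = domain in OUR_DOMAINS
    if internal == ours:
        return "OK"  # internal host with our domain, or external host with theirs
    for net, allowed in EXCEPTIONS:
        if allowed == domain and ip in ipaddress.ip_network(net):
            return "OK (exception)"
    return "REJECT"  # external host using our domain, or internal host using another


def broad_exceptions(max_addresses=MAX_ADDRESSES):
    """List exceptions whose client network covers more than max_addresses."""
    return [(net, dom) for net, dom in EXCEPTIONS
            if ipaddress.ip_network(net).num_addresses > max_addresses]


if __name__ == "__main__":
    for ip, frm in [("198.51.100.7", "ceo@example.com"),
                    ("192.0.2.25", "news@example.com"),
                    ("10.9.9.9", "someone@gmail.com")]:
        print(ip, frm, "->", decide(ip, frm))
    print("too broad:", broad_exceptions())
```

Only the envelope sender is checked here; header From is outside this model.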