On 2020-08-09 Nick wrote: > For mail sent via submission it's possible to prevent a forged > mail-from, by using options on the submission service in master.cf. > > It's also possible to prevent a forged header-from, by using a > submission-specific cleanup service, as in the BUILTIN_FILTER_README. > > But these don't work for mail originating locally via the sendmail > command. What does work for that?
Nothing. The sendmail command submits mail via pickup, i.e. puts it as a file into a particular directory from which the pickup daemon then reads the file. The usual filters don't apply to that. What you can do is disable pickup entirely so that even local users are required to submit mail via SMTP (on localhost). Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
