Bowie Bailey wrote:
whitelist_from_rcvd
You can use this instead of whitelist_from. It requires a bit
more setup, but it is immune to the forgery problems of
whitelist_from. Use this to list each valid domainname/mailserver
combination. Note that this requires a correct internal_networks
configuration to work properly.
For a less effort solution, you can use whitelist_from_spf in SA 3.1 if you've got SPF set up in SpamAssassin and the domain in question publishes SPF records.
Daryl
