From: "Salatiel Filho" <[EMAIL PROTECTED]>
To: "John D. Hardin" <[EMAIL PROTECTED]>

The comment still applies. It's trivially easy to forge mail such that
it appears to come from [EMAIL PROTECTED]

Take that out of the whitelist and SA will stop whitelisting
forgeries.

Well, I think I found where the problem is. Apparently return-path is
[EMAIL PROTECTED]
and SA checks return-path against WHITE_LIST :/
Is there a way to make SA check whitelist just against "from"?



Salatiel, John is dead right. Do not use 'whitelist_from'. Use
something a little more rigorous such as 'whitelist_from_rcvd' or
even better if you have an SPF record and have SPF enabled in SA
'whitelist_from_spf'.

Do it right or it's going to false alarm on you horridly.

You may also need to examine your trust relationships. These are
address ranges from which you do not expect forged email. Of course
at a University I realize it's a bit of a push to trust yourself.

{^_^}
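
The directives named in the reply above, side by side, as an added example that is not part of the original thread. The address `user@example.edu`, the domain `example.edu` and the range `192.0.2.0/24` are placeholders chosen for illustration.

```conf
# Added example for local.cf; all addresses, domains and networks below are
# placeholders, not values from the thread.

# Weak: matches on sender addresses taken from the message itself
# (envelope sender / Return-Path and From), which anyone can forge.
# whitelist_from      user@example.edu

# Better: the address must match AND the relay that handed the message to
# your trusted network must have reverse DNS in the named domain.
whitelist_from_rcvd   user@example.edu  example.edu

# Better still, if the domain publishes an SPF record and the SPF plugin is
# loaded: the whitelist applies only when the message passes SPF.
whitelist_from_spf    user@example.edu

# Trust relationships: relays you run and do not expect forged mail from.
# whitelist_from_rcvd is evaluated at the boundary of these networks.
trusted_networks      192.0.2.0/24
internal_networks     192.0.2.0/24
```

Running `spamassassin --lint` after editing confirms the file parses cleanly.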
