Reject or tag email signed with

Matt Kettler mkettler at EVI-INC.COM
Wed Jul 13 16:32:24 IST 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hancock, Scott wrote:
> Greetings,
> I'm trying to figure out a way to reject all mail signed with my domain.
> I know the only IP addresses that should be allowed to use
> in the sender so all others can be rejected.
> Exim 4.52  -  an ACL operates on the envelope sender.  Not what I want
> right?

Right, although you could get some value from checking the envelope sender. It
wouldn't be a comprehensive solution, but it would be a start. (A lot of forged
messages have the envelope sender matching the From: header, such as most of the
viruses that forge mail from "webmaster at")

> SA 3.0 - will look at the header.  Do I write a custom rule?

You could, it would have to be a group of 3 rules, 1 checks the received to see
if it's your domain, 1 checks the from to see if it is your domain, and a meta
rule that fires if the from matches but received doesn't.

> MS 4.41 - With a custom rule in place do I whitelist my IP's here?
> SPF - I haven't looked into this yet.  Should I start here?

SPF would work very well for this. Forgery detection is really what SPF is
designed to do.

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list