Hello,
I'm trying to prevent one category of spam: the one that comes with a SMTP "from" that is different from the MIME "from" field.
It seems to me that this is a very reasonable option, in particular if you implement SPF: there is no reason to accept mail that has a different server in the mail message than in the SMTP transaction but the fact that this is not disallowed is used to work around SPF validation.
Any suggestion about how that can be done using ASL ?
Edit: just a bit of context: I am trying to protect less technical users. My mail server was recently hit by a wave of spam that have MIME from set to internal users while using completely different SMTP from addresses. In this configuration, despite having set SPF and DKIM for all my domains and having setup ASL to use these protocols, the mails where allowed through.
For the end users, the result is that the mail seems to come from an internal user and there is no way to found about the forgery without checking the message headers (good thing that postfix does add the "envelope-from" to the "received" header: exchange doesn't)
Thanks
This thread was automatically locked due to age.
