had noforgeme checked. just activated from_check. we'll see what happens.

thanks

david camm
advanced web systems
keller, tx


On 4/18/2016 9:52 AM, Ed wrote:
> Hi,
>
> Try g_from_check and g_from_noforgeme    there are some other 
> strategies but this will get you started.
>
> --Ed
>
> On 04/18/2016 10:36 AM, David Camm wrote:
>> every once in a while - luckily not too often, a user's machine picks up
>> some malware and the result is that their smtp credentials are stolen
>> and then used by the bad guys to send a bunch of spam.
>>
>> apparently they can log in but then send with a completely different
>> 'from' address.
>>
>> since we require the complete email address as part of smtp login (ie
>>HIDDEN@advwebsys.com), is there some setting or some rule which would
>> reject any attempt to log in as HIDDEN@validdomain.com' with a from
>> address of, say HIDDEN@nny@invaliddomain.eu'?
>>
>> david camm
>> advanced web systems
>> keller, tx
>>
>>
>>
>