Ah.  I see it doesn't work if the sender is using an alias domain.  
Perhaps this is a case of educating users on which account to use.

- SteveP

On 11/24/2011 1:51 PM, Ed wrote:
> It's been around for a fairly long time.
>
> --Ed
>
> On 11/24/2011 12:29 PM, Steve Perrault wrote:
>> Thanks Ed. This is exactly what I'm after. How did I miss this? Is it
>> new for v5?
>>
>> - SteveP
>>
>> On 11/24/2011 12:19 PM, Ed wrote:
>>> g_from_must_exist - Require local from addresses to exist or reject 
>>> mail
>>>
>>> Can be useful in blocking dumb spam robots
>>>
>>> Syntax: g_from_must_exist bool
>>>
>>>
>>>
>>> On 11/24/2011 11:00 AM, Steve Perrault wrote:
>>>> SurgeMail Version 5.3i-31, Built Aug 24 2011 17:20:26, Platform Linux
>>>> (Surgeweb Enabled)
>>>>
>>>> Am I missing a setting? Is it possible to do this with surgemail?
>>>>
>>>> Our surgemail mirrors host hundreds of domains. Our users are getting
>>>> phish FROM a bogus account for the local domain. For instance,
>>>>HIDDEN@mnsi.net will get email from accounting@mnsi.net, or
>>>>HIDDEN@erservice@mnsi.net. I add the bogus addresses when they 
>>>> occur, but
>>>> sometimes the sender is random text, likeHIDDEN@mnsi.net.
>>>>
>>>> This could be mitigated if the sender address or envelope sender is
>>>> verified against the local user database when the sender's domain (in
>>>> From, or envelope sender) is a locally hosted domain.
>>>>
>>>> Back in the days of sendmail, I had a ruleset in place to do this --
>>>> compare FROM against passwd file). This was more to minimize customer
>>>> viruses which would fake the sender address by changing a character in
>>>> the user's email address (ie, change steve toHIDDEN@mnsi.net).
>>>>
>>>> - SteveP
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>