I don"t want our client become a spammer

Hello,

Some user have been change their 'From email Addrees' to other email address
and using our SMTP Service.
But the 'From' email Address have not in our mail list or domain.
I don't want our client become a spammer.
When the user is using our smtp service, they must be use login name &
password for Sendmail verification by outlook express.
However, How can I only allow 'From email address' of the all users in
accordance with our sendmail server mail account?
And I don't want base on this issue and let my sendmail open relay.

Thanks !!

Andrew Choi

Re: I don"t want our client become a spammer

Andrew Choi unleashed the infinite monkeys on 10/04/2008 22:16 producing:
> Hello,
>
> Some user have been change their 'From email Addrees' to other email address
> and using our SMTP Service.
> But the 'From' email Address have not in our mail list or domain.
> I don't want our client become a spammer.
> When the user is using our smtp service, they must be use login name &
> password for Sendmail verification by outlook express.
> However, How can I only allow 'From email address' of the all users in
> accordance with our sendmail server mail account?
> And I don't want base on this issue and let my sendmail open relay.

That doesn't make them a spammer. Have you considered that they may
legitimately have the email address in question? I've certainly done
that in the past with email addresses that I've had.

Frankly however, if you relay based only upon the From address, you
already are an open relay. You should only relay based upon
authentication or IP address.

--
Rob MacGregor (BOFH)

Rule 37: "There is no 'overkill'. There is only 'open fire'
and 'I need to reload.'"

Re: I don"t want our client become a spammer

Andrew Choi wrote:
> But the 'From' email Address have not in our mail list or domain.
> I don't want our client become a spammer.
> When the user is using our smtp service, they must be use login name &
> password for Sendmail verification by outlook express.

Your site policy is to decide, if authentification is enough that you
can identify a possible spammer and who is responsible if an user is
using a bad "From" address probably generating backscatter or ill-
routed mails.
You can identify the sender of SPAMs, if any, so I wouldn't care.
If you are responsible for valid "From" addresses of the mails of your
users -- and as Rob alreadt pointed out there are legit reasons for
using addresses not in any local domain -- there had been posts to
extend check_mail to verify that the address is matching the macro
auth_authen. However, I did this (for selected users) using MIMEDefang
instead of sendmail macros.

> And I don't want base on this issue and let my sendmail open relay.

You aren't IMO. An open relay allows _any_ (non-authentificated) user
to send mail to any off-site user.

ska