search for: devcubesometh

...hod to check this anywhere. People are allowed to put what they want there. The setups in question do NOT allow unauthenticated submission with a FROM from the internal domain. I have erased the email in question, so I cannot give an exact example but it is something like this: From: something at devcubesomething.org (I remember cube and dev in the domain) To: trever at thedomain (yes it was sent to me, thankfully not one of the other users) Reply-To: info at thedomain (yes, stupid account to use, but that was it) Subject: Your account will be deleted/deactivated Some nonsense about having failed to...

So, one of the problems I am seeing is that people are trying to fake users into revealing information by sending from an outside domain but with an internal reply to address and claiming to be administration, IT or what not. I can set up something that will reject if from is outside the domain by reply to is internal. The problem is in some setups, there are fetchmail setups. I do not want to