Re: [Exim] identifying real sender

Top Page
Delete this message
Reply to this message
Author: Jeffrey Goldberg
Date:  
To: akb
CC: exim-users
Subject: Re: [Exim] identifying real sender
On Tue, 27 Mar 2001 akb@??? wrote:

> [...] What I would like to do is have a special alias director that
> will accept a class name like ss01-cse-498-2@??? and then do a mysql
> lookup for all of the students matching that class and look up the
> professor's name in another table to see if he/she is authorized to mail
> to that class.


I very strongly recommend that you use a mailing list manager (mailman,
majordomo, ezmlm, etc) for this. You can dump your lists (and authorized)
posters nightly via a script from your msql database to whatever form the
particular mailing list manager likes.

> I've got part of that working with the following
> [...]


> My problem is the $sender_address can be easily faked. Is there any way
> to check the validity of $sender_address in Exim?


No. Nor in anything else. Again, mailing list managers can be set up to
require a password.

BTW, are you really concerned about students faking the email addresses of
faculty at your university? Since such a forgery would be immediately
detected, and in all likelihood you could find the forger easily, it
stikes me that in this context fear of desciplinary action ought to be
enough to prevent forgeries.

If not, mailing list management systems can be set up to use passwords or
various cookies for approving posts.

-j

--
Jeffrey Goldberg
I have recently moved, see http://www.goldmark.org/jeff/contact.html
Relativism is the triumph of authority over truth, convention over justice