Re: [Exim] Marking the authenticated SMTP-User in the Header…

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Tamas TEVESZ
Data:  
Para: Philip Hofstetter
CC: exim-users
Assunto: Re: [Exim] Marking the authenticated SMTP-User in the Header?
On Fri, 4 May 2001, Philip Hofstetter wrote:

> One question though: Is it possible to add the authenticated user that
> sent the message somewhere to the header? I mean something like


i've added

headers_add = "X-Authenticated-Sender: ${md5:${authenticated_id}SECRET}"

to the remote_smtp transport (note that this is not clean upstream
exim). this scrambles the username, while still letting you to very
simply reverse-engineer the md5 hash if you need to (ie. however big
your userbase is, it's still finite enough bruteforce to get the real
username back) while significantly reduces the chances of a bruteforce
attack succeeding. SECRET is a simple macro containing some fubarbaz.

also not that this solution is not perfect - being in remotre_smtp,
you don't have it when the address is local to your exim. i used to
have it in the received_headers section, but i also wanted to do a
headers_remove="Received" (to hide where user was sitting when she
sent the mail), and this resulted in the auth stuff not being added.
added, then removed, that is.

heh, stupid me. it just hit me - i could put headers_add to any
transport. here you go.

--
[-]
"cvs szerver a weben = olyan cvs szerver amit az interneten keresztul
cvs szerverkent el lehet erni" -- <dobos_s@???>