On Fri, 3 Aug 2001, David Saez Padros wrote:
> But, how could I prevent:
>
> - That users forge the From: address
Make your authenticators set $authenticated_id to the id that
authenticated. Then write a filter that checks From: against that id.
> - That not authenticated clients use a local address as envelope or From:
Put something like this in your system filter
if $sender_host_authenticated is "" and
${domain:$sender_address} is not local.domain
then
fail "You are not authenticated and your From: is not local"
fi
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
