On Sun, 26 Jan 2003, j2 wrote:
> > In your MAIL ACL add
> >
> > warn message = X-Authenticated-As: $authenticated_id
> > authenticated = *
>
> Thanks. That was easy enough, but.. is there any way to de-spoof that? As in
> i just relized that anyone could fake such a header in a mail, correct?
You could use some md5-hashing to make it more secure.
warn message = X-Authenticated-As: $authenticated_id \
(${md5:Secret$authenticated_id})
authenticated = *
This will allow you to check the value later, if needed.
or you add two headers, like
warn message = X-Authenticated-As: $authenticated_id \n\
X-Authenticated-As-Hash: ${md5:Secret$authenticated_id}
authenticated = *
this will make the check itself a bit easier.
Nico
