Re: [Exim] Adding a header only if sender was authenticated?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\j2 at <-
MMHanasaki JiJi at ->
Delete this message
Reply to this message
Author: Nico Erfurth
Date:  
To: j2
CC: exim-users@exim.org
Subject: Re: [Exim] Adding a header only if sender was authenticated?
On Sun, 26 Jan 2003, j2 wrote:

> > In your MAIL ACL add
> >
> > warn message = X-Authenticated-As: $authenticated_id
> >      authenticated = *

>
> Thanks. That was easy enough, but.. is there any way to de-spoof that? As in
> i just relized that anyone could fake such a header in a mail, correct?


You could use some md5-hashing to make it more secure. 

warn message = X-Authenticated-As: $authenticated_id \
               (${md5:Secret$authenticated_id})
     authenticated = *


This will allow you to check the value later, if needed.
or you add two headers, like 

warn message = X-Authenticated-As: $authenticated_id \n\
               X-Authenticated-As-Hash: ${md5:Secret$authenticated_id}
     authenticated = *


this will make the check itself a bit easier.

Nico



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] Adding a header only if sender was authenticated?Re: [Exim] Adding a header only if sender was authenticated?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)