[Exim] verifying a local sender from an [effectively] truste…

Author: Rick Ennis
Date:  
To: exim-users
Subject: [Exim] verifying a local sender from an [effectively] trusted user
Here's a weird one. I have some users on IMP (which is a web interface to
imap) and it connects to my exim 4.14 daemon via a local pipe to send
outgoing messages. IMP runs under Apache which is run as system user
"nobody" so that's what exim registers as making the connection. I couldn't
figure out how to allow IMP to set the message sender (other than making
"nobody" a trusted user, which I obviously didn't want to do) so I ended up
doing a header rewrite on the envelope sender. But that's not my question.

The issue is I want to make sure that local IMP users don't have a
super-easy time forging mail. As it is, I have an "acl_not_smtp" ACL that
checks the sending domain...

check_local:
   accept senders = :
   require sender_domains = +local_domains
   accept

But that does nothing to verify the local_part of the sender. I know I
can't guarantee that they won't forge their address to "some other valid
local address," but I'd like to at least make sure the sending address *is*
a valid one. Ideally I'd like to do something like this...

check_local:
   accept senders = :
   require sender_domains = +local_domains
               verify = sender
   accept


That way I'd run the outgoing sender address through my routers in verify
mode just to make sure it's an address (alias, whatever) that can receive a
response. But "verify = ..." isn't valid in the "acl_not_smtp". How do
other people handle this? I imagine it would be a concern not just for IMP
users, but any mailer setup that sends mail locally via a pipe.

I guess the rewrite mentioned above is really just skirting the trusted user
concept. Is that what I'm doing differently from everyone else? It should
be either a trusted user -- which should bypass the "verify=sender" check, or
it isn't -- which can't change/rewrite the sender in the first place? What
about virtual users, like some configurations offered by courier-imap? They
just rely on courier to enforce a legitimate sender address?

--
Rick Ennis