Re: [Exim] Sender address check for authenticated users

Top Page
Delete this message
Reply to this message
Author: Dennis Davis
Date:  
To: Oliver Egginger
CC: exim-users
Subject: Re: [Exim] Sender address check for authenticated users
>
>From: Oliver Egginger <Oliver.Egginger@???>
>To: exim-users@???
>Organization: Fachhochschule Giessen-Friedberg
>Date: 16 Oct 2003 12:22:53 +0200
>I want to check the domain of the (envelope) sender address if a user is
>authenticated. Authenticated users are allowed to relay through
>our mailgate but only if they use a local sender address. I'am at a loss
>at the moment. The acl_smtp_auth ACL would be a nice place for doing
>this, but the AUTH command could happend before the MAIL FROM command
>appears, I think. Also I can't restrict everybody to local sender
>adresses, cause I want receive mail from the internet from everyone for
>our local users.
>
>At the moment I got this acl:
>
>------------
>
>acl_check_rcpt:
>
>  deny    local_parts   = ^.*[@%!/|] : ^\\.

>
>  accept  local_parts   = postmaster
>          domains       = +local_domains

>
>  require verify        = sender/callout
>  require verify        = recipient

>
>  accept  domains         = +relay_to_domains
>  accept  authenticated = *

>
>  deny    message       = relay not permitted

>
>---------
>
>
>This seems to work fine but authenticated users can use every address
>they like. How can I restrict them to local addresses (domains) ??
>Every hint would be appreciated.


Use a ACL variable. You can have:

  warn    authenticated = *
          set acl_m0 = 1


to determine whether or not an incoming message is authenticated.
Subsequent acl fragments can then use:

          condition = ${if def:acl_m0 {yes}{no}}


to differentiate between authenticated and unauthenticated messages.