Re: [Exim] Sender address check for authenticated users

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Oliver Eikemeier
Date:  
À: Oliver Egginger
CC: exim-users
Sujet: Re: [Exim] Sender address check for authenticated users
Oliver Egginger wrote:

> Hello,
>
> I want to check the domain of the (envelope) sender address if a user is
> authenticated. Authenticated users are allowed to relay through
> our mailgate but only if they use a local sender address. I'am at a loss
> at the moment. The acl_smtp_auth ACL would be a nice place for doing
> this, but the AUTH command could happend before the MAIL FROM command
> appears, I think. Also I can't restrict everybody to local sender
> adresses, cause I want receive mail from the internet from everyone for
> our local users.
>
> At the moment I got this acl:
>
> ------------
>
> acl_check_rcpt:
>
>   deny    local_parts   = ^.*[@%!/|] : ^\\.

>
>   accept  local_parts   = postmaster
>           domains       = +local_domains

>
>   require verify        = sender/callout
>   require verify        = recipient

>
>   accept  domains         = +relay_to_domains
>   accept  authenticated = *

>
>   deny    message       = relay not permitted

>
> ---------
>
> This seems to work fine but authenticated users can use every address
> they like. How can I restrict them to local addresses (domains) ??
> Every hint would be appreciated.


acl_smtp_mail = acl_check_mail

acl_check_mail:

  deny   !sender_domains = +local_domains
          authenticated  = *


But it is overly restrictive, I think. A
  warn    message        = X-Authenticated-Sender: $authenticated_id
          authenticated  = *
would be more appropriate.


Regards
    Olivier