On 19 Mar 2004 at 18:43, Bruce Richardson wrote about
"Re: [Exim] SMTP Auth doesn't preven":
| On Fri, Mar 19, 2004 at 05:14:18PM +0100, Giuliano Gavazzi wrote:
| > a more general solution would actually check the possibility that
| > $sender_address_local_part is an alias for $authenticated_id, or more
| > precisely, for the local_part corresponding to $authenticated_id (in
| > case of virtual domains).
| > I haven't worked out the details on how to do that, but it is clearly
| > possible.
|
| Well, a really general solution would have something like
|...
Depending on what you want to accomplish, another option is to simply
add an X- header to the message with the authenticated ID. IOW,
don't try to prevent spoofing, which can have legitimate reasons,
just make the real sender ID visible so abuse can be dealt with.
- Fred
