Re: [exim] sender return-path mismatch again

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Thomas Fini Hansen
Datum:  
To: Marten Lehmann
CC: exim-users
Betreff: Re: [exim] sender return-path mismatch again
On Wed, Aug 25, 2004 at 05:46:51PM +0200, Marten Lehmann wrote:
> Hello,
>
> some time ago, I asked for a way for customers on a webserver so send
> emails with an arbitrary sender-address. I have
>
> untrusted_set_sender = *
> local_from_check = false
>
> in my configuration right now. If someone calls
>
> sendmail -t -flehmann@???
> From: lehmann@???
> To: lehmann@???
> Subject: test
>
> this mail indead has the sender-address and return-path lehmann@???.
> But this -f option is too complicated to use because it is unknown to
> the most users. Most of them are just using the mail()-function in PHP
> and don't care about return-path and sender-address. And I guess you


Worse, the 5th parameter of the PHP mail() function is not allowed in
safe mode, so it can actually be impossible for the users to do the
right thing, even if they know how (short of writing their own SMTP
engine).

This part can be fixed by simple rewriting, this seems to work on one
of our webservers (Exim 3, yes, I know, it could do with an upgrade):

www-data@* "${if def:h_from: {$h_from:}{<webmaster@???>}}" Frsw

However, this does bring in the problem of tracking who sendt mail, in
our case at least.

About the shared php.ini, this should be solvable by adding the right
php_admin_value entries in the Apache virtual host section.

Which is what is on my todo.. Make a wrapper script for the sendmail
binary, which can log who, what and where.

--
Thomas
beast@???