[exim] Re: simple email spoofing prevention

Author: Andreas Metzler
Date:  
To: exim-users
Subject: [exim] Re: simple email spoofing prevention
Ron Gorodetzky <ron@???> wrote:
[announce-only mailing list]
> Anyway, for most mailing lists, messages that are to be distributed to
> the list are sent to say, foo-list@???. I can restrict the
> mailing list software to only accept mail to the mailing list from a
> specific email address, say, admin@???. But that address can be
> easily spoofed.


> How can I instruct _exim_ to accept email from admin@??? to
> foo-list@??? _only_ if the message originated from the local
> machine or through a regular TLS secured SMTP connection directly to the
> server (I'm referring to when admin@??? sends an email from the
> email client on their own computer using the example.com SMTP server
> with the correct user/pass and whatnot).


> First, is this possible?


Hello,
Something like this in the rcpt ACL should work (insert it immediately
before the statement that would accept recipients = foo-list@???):

# the "!" negates the condition, so it goes in front of "acl"
deny recipients = foo-list@???
     senders    = admin@???
     !acl       = allow_list_mailing

with allow_list_mailing defined like this:
allow_list_mailing:
     accept hosts = 127.0.0.1:@

     accept authenticated = *
            condition = ${if eq{$authenticated_id}\
                        {usernameofadminuserinSMTPAUTH}{yes}{no}}

     #deny otherwise
     deny message = not authorized to mail to announce-only list


And take care to use server_set_id in your SMTP authenticators to set
$authenticated_id, e.g.:

cram_md5_server:
  driver = cram_md5
  public_name = CRAM-MD5
  server_secret = ${extract{2}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}fail}}}
  server_set_id = $1

Everything untested.

> Second, will this actually help in preventing
> the spoofing of the admin@??? address, thus keeping fake
> announcements from showing up on the foo-list@??? mailing list,
> or am I missing something?

[...]

I do not think you are missing something.
                 hth, cu andreas





-- 
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
                                           http://downhill.aus.cc/
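
The decision made by the deny statement and the allow_list_mailing sub-ACL in the message above, modelled in Python as an added example (not part of the original message and not Exim code). The addresses, the auth id "adminuser", the simplified local-host set and the session table are constructed assumptions; the model looks only at the envelope sender, which is what the senders condition tests.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed placeholders: the archive redacts the real addresses and auth id.
LIST_ADDR = "foo-list@example.test"
ADMIN_ADDR = "admin@example.test"
ADMIN_AUTH_ID = "adminuser"      # what server_set_id would put in $authenticated_id
LOCAL_HOSTS = {"127.0.0.1"}      # simplified stand-in for the hosts list

@dataclass
class Rcpt:
    """One RCPT command as the ACL sees it (a model, not Exim data)."""
    host: str                                # connecting IP address
    sender: str                              # envelope sender (MAIL FROM)
    recipient: str
    authenticated_id: Optional[str] = None   # None means no SMTP AUTH

def allow_list_mailing(r: Rcpt) -> bool:
    """Sub-ACL: accept local hosts or the admin's AUTH id, deny otherwise."""
    if r.host in LOCAL_HOSTS:
        return True
    return r.authenticated_id is not None and r.authenticated_id == ADMIN_AUTH_ID

def rcpt_guard(r: Rcpt) -> str:
    """The deny statement: all three conditions must hold for a deny.
    'pass' means the statements after it in the rcpt ACL decide."""
    if (r.recipient.lower() == LIST_ADDR
            and r.sender.lower() == ADMIN_ADDR
            and not allow_list_mailing(r)):
        return "deny"
    return "pass"

# Constructed sessions covering each branch.
SESSIONS = {
    "local_submission": Rcpt("127.0.0.1", ADMIN_ADDR, LIST_ADDR),
    "admin_with_auth": Rcpt("198.51.100.7", ADMIN_ADDR, LIST_ADDR, "adminuser"),
    "remote_no_auth": Rcpt("203.0.113.9", ADMIN_ADDR, LIST_ADDR),
    "auth_as_other_user": Rcpt("203.0.113.9", ADMIN_ADDR, LIST_ADDR, "bob"),
    "other_sender": Rcpt("203.0.113.9", "someone@example.test", LIST_ADDR),
    "admin_to_other_rcpt": Rcpt("203.0.113.9", ADMIN_ADDR, "user@example.test"),
}

def evaluate_all() -> dict:
    return {name: rcpt_guard(r) for name, r in SESSIONS.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_all().items():
        print(f"{name:22} {verdict}")
```

The "other_sender" case passes this guard; rejecting it is left to the mailing list software's own sender restriction mentioned in the question.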