Re: [exim] Re: simple email spoofing prevention

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Ron Gorodetzky
Date:  
À: Andreas Metzler
CC: exim-users
Sujet: Re: [exim] Re: simple email spoofing prevention

Thank you, I think I understand this. I still have a bit of a hard time
with the syntax of the more complicated ${if/extract/lookup/etc} but I'm
working through them.

A couple of questions.

> Hello,
> Something like this in the rcpt ACL should work (insert it immeditaely
> before the statement that would accept recipients = foo-list@???):
>
> deny recipients = foo-list@???
>    senders = admin@???
>    acl = !allow_list_mailing

>
> with allow_list_mailing defined like this:
> allow_list_mailing:
>      accept hosts = 127.0.0.1:@

>
>      accept authenticated = *
>             condition = ${if eq{$authenticated_id}\
>                         {usernameofadminuserinSMTPAUTH}{yes}{no}}


Am I correct in thinking that if I wanted to make a file of valid
authenticated users I could do something similar conceptually to the
server_secret line below?

>      #deny otherwise
>      deny message = not autoristed to mail to announce-onle list

>


Why did you comment out the "deny otherwise" line? If a message isn't
accepted is it assumed to be denied?

> And take care to use server_set_id in your SMTP authenticators to set
> $authenticated_id e.g:
>
> cram_md5_server:
> driver = cram_md5
> public_name = CRAM-MD5
> server_secret = ${extract{2}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}f
> l}}}
> server_set_id = $1
>



Thanks again for your help,

-Ron