Author: Marc Sherman Date: To: exim-users Subject: Re: [exim] $sender_address rewritten by SMTPAuth
On Thu, 2005-12-22 at 14:43 +0000, Tony Finch wrote: >> Submission mode assumes that usernames are valid local parts,
>> because it is designed to work like local submission on a Unix box.
>> If this isn't the case for you, you probably want the
>> /sender_retain option. You also need verify=sender.
Josh Berry wrote: >
> That did the trick. Thanks very much
You should seriously consider setting up a router that allows you to use
auth user names as local parts (or, alternatively, changing the auth
user names to match the existing local parts), though. With
sender_retain, you're trusting your users to set the correct From
address, which is trivially spoofable. Tony's verify=sender suggestion
will ensure that the bounces are deliverable, but it can't ensure that
they're deliverable to the user who actually deserves them.
This is particularly important if you allow users to send mail From
shared role accounts.