Re: [exim] $sender_address rewritten by SMTPAuth

Pàgina inicial
Delete this message
Reply to this message
Autor: Tony Finch
Data:  
A: exim-users
Assumpte: Re: [exim] $sender_address rewritten by SMTPAuth
On Thu, 22 Dec 2005, Marc Sherman wrote:
>
> You should seriously consider setting up a router that allows you to use
> auth user names as local parts (or, alternatively, changing the auth
> user names to match the existing local parts), though. With
> sender_retain, you're trusting your users to set the correct From
> address, which is trivially spoofable.
>
> This is particularly important if you allow users to send mail From
> shared role accounts.


Agreed: that is how we designed submission mode to be used. At Cambridge
we allow our users to use any email address with our email system
(especially role addresses, but also vanity addresses, hem hem) and
submission mode marks the message with their authenticated identity,
complete with their full name. However you won't get a proper view of it
from this message because the list smashes the Sender: header...

http://www.cam.ac.uk/cs/email/sending.html might be of interest.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}