Hi,
i need a little help with my exim relay configuration.
---------
router:
smarthost:
driver = manualroute
transport = remote_smtp
domains = !+local_domains
route_data = ${lookup mysql { select mxhost from smtp_auth where \
address='${quote_mysql:$sender_address}' \
and relay_enabled='Y'}}
more = false
---------
transport:
remote_smtp:
hosts_require_auth = mail.gmx.net
hosts_require_tls = mail.gmx.net
---------
authenticator:
cram:
driver = cram_md5
public_name = CRAM-MD5
client_name = ${lookup mysql {select username from smtp_auth \
where address='${quote_mysql:$sender_address}' \
and relay_enabled='Y'}}
client_secret = ${lookup mysql {select password from smtp_auth \
where address='${quote_mysql:$sender_address}' \
and relay_enabled='Y'}}
server_set_id = $1
---------
the smtp_auth table looks like this:
address username password relay_enabled mxhost
user1@??? 12345678 pw1 Y mail.gmx.net
user2@??? 87654321 pw2 Y mail.gmx.net
The users login with a username that equals their external email
address. These logins are stored in another table. The purpose of this
configuration is that local users can send their mail to the local smtp
server and this server sends the mail over the real external mail
relay(e.g. gmx.net) to avoid problems with spam filters.
The problem is that user2 can send a mail in the name of user1, because
their are no checks if the $sender_address equals $authenticated_sender.
I have tried to use $authenticated_sender in the router configuration,
but the mysql log shows an empty entry. Maybe $authenticated_sender is
only useable in certain parts of the exim configuration. In the exim4
book i have found nothing that points me in the right direction.
Thanks in advance for any hint.
f_x
