Re: [exim] how to confirm that user is sending mail from the…

Top Page
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: Lekshmi A. R
CC: exim-users
Subject: Re: [exim] how to confirm that user is sending mail from the id, with which he authenticated himself
On Mon, 15 May 2006, Lekshmi A. R wrote:

>     I have one problem. I have an exim mail server. I have even
> configured cyrus-sasl-pwcheck to do SMTP-AUTH. It is checking
> /etc/passwd file to do the authentication. Now the problem is even if
> the user who is trying to send a mail doesn't have a valid id in the
> server, he can authenticate himself with someother users id and send
> mail in his name.


In your localuser router, set address_data to the username that
corresponds to the address. This will then be available in
$sender_address_data in the ACLs after you have run verify=sender. Exim's
routing will trace through the aliases and eventually work out the
username as a side-effect. You can then compare it to $authenticated_id,
and reject the message if they don't match. For more deails have a look at
http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20041101/msg00107.html

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}