Re: [exim] how to confirm that user is sending mail from the…

Top Page
Delete this message
Reply to this message
Author: Lekshmi A. R
Date:  
To: dot
CC: exim-users
Subject: Re: [exim] how to confirm that user is sending mail from the id, with which he authenticated himself
We are using exim-4.12 in some locations and exim-4.34 in other locations.

Lekshmi A. R.

----- Original Message -----
From: Lekshmi A. R
To: dot@???
Cc: exim-users@???
Sent: Tuesday, May 16, 2006 12:19 PM
Subject: Re: [exim] how to confirm that user is sending mail from the id,with which he authenticated himself


Our existing ROUTERS CONFIGURATION is as follows.

  system_aliases:
          driver = redirect
          domains = xyz.co.in
          allow_fail
          allow_defer
          data = ${lookup{$local_part}lsearch{/etc/aliases}}
          file_transport = address_file
          pipe_transport = address_pipe


  xyzhub:
          driver = manualroute
          domains = xyz.co.in
          transport = remote_smtp
          route_data = <<one ip address>>


  smart_host:
          driver = manualroute
          domains = !+local_domains
          transport = remote_smtp
          route_data = <<another ip address>>
  no_more


Can u explain how to modify this routers, so that even authorised senders will not be able to fake their adresses.

Lekshmi A. R.


  ----- Original Message ----- 
    From: Tony Finch 
    To: Lekshmi A. R 
    Cc: exim-users@??? 
    Sent: Monday, May 15, 2006 4:50 PM
    Subject: Re: [exim] how to confirm that user is sending mail from the id,with which he authenticated himself



    On Mon, 15 May 2006, Lekshmi A. R wrote:


    >     I have one problem. I have an exim mail server. I have even
    > configured cyrus-sasl-pwcheck to do SMTP-AUTH. It is checking
    > /etc/passwd file to do the authentication. Now the problem is even if
    > the user who is trying to send a mail doesn't have a valid id in the
    > server, he can authenticate himself with someother users id and send
    > mail in his name.


    In your localuser router, set address_data to the username that
    corresponds to the address. This will then be available in
    $sender_address_data in the ACLs after you have run verify=sender. Exim's
    routing will trace through the aliases and eventually work out the
    username as a side-effect. You can then compare it to $authenticated_id,
    and reject the message if they don't match. For more deails have a look at
    http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20041101/msg00107.html


    Tony.
    -- 
    <fanf@???>   <dot@???>   http://dotat.at/   ${sg{\N${sg{\
    N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
    \N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}


    -- 
    ## List details at http://www.exim.org/mailman/listinfo/exim-users 
    ## Exim details at http://www.exim.org/
    ## Please use the Wiki with this list - http://www.exim.org/eximwiki/