Re: [exim] How to verify and authenticate only for outgoing …

Pàgina inicial
Delete this message
Reply to this message
Autor: Lekshmi A. R
Data:  
A: Giuliano Gavazzi, Exim Mailing List, dot
Assumpte: Re: [exim] How to verify and authenticate only for outgoing mail
I also wanted to configure exim so that even authorised senders should not be able to fake their mail ids.

In AUTHENTICATION CONFIGURATION, I gave the following entries.

login:
        driver = plaintext
        public_name = LOGIN
        server_prompts = "Username:: : Password::"
        server_condition = "${if pwcheck{$1:$2}{1}{0}}"


and in ACL CONFIGURATION, the following entries.

require verify    = sender
          condition = ${if eq{$sender_address_data}{$authenticated_id} {yes} {no} }


Evem then I am able to send mails from fake addresses. How to check this.

Lekshmi A. R.
Computer Programmer
DCG, DIT
Canara Bank
Naveen Complex
#14, M. G. Road
Bangalore - 560 001
Ph: (080) 2558 4040 - 286
               2559 8548
  ----- Original Message ----- 
  From: Giuliano Gavazzi 
  To: Exim Mailing List 
  Sent: Sunday, May 21, 2006 7:18 PM
  Subject: Re: [exim] How to verify and authenticate only for outgoing mail




On 21 May 2006, at 15:37, Theo de Morée wrote:

> Hi,
>
  > My mail ACL is as follows:
  > acl_check_mail:
  >  require verify = sender
  >  drop condition = ${if eq{$sender_address_data}{$authenticated_id}  
  > {no} {yes} }
  >       message = Please authenticate first to use this mail address
  >  accept authenticated = *
  >  drop message = Please authenticate first

>
> It goes out on that last drop. I currently don't do any real
> recipient checking, so if you could give me a hint for that as well
> it would be great. Basically the server needs to act like this:
>
> - Outgoing mail: User needs to authenticate and use one of his own
> mail addresses (works now)
> - Incoming mail: No authentication of course, recipient(s) should
> be valid mail addresses on of the the server domains. If someone
> tries and send a mail to an unknown mail address the server should
> reply saying that it doesn't exist.


clearly you cannot, at the MAIL FROM stage, decide if a message is
for relaying or local delivery. You must do your authentication
enforcement at the RCPT TO stage and not apply it for recipients in
the local domains.
You can move all this to the rcpt acl and add a

!domains = +local_domains

condition to the authenticated_id check. But you could also revise
the logic as you first would accept authenticated users, then you
could accept for local_domains (except for some basic anti-spam rules
perhaps) and then you can just deny all the rest.
I do not think that using the deny verb is in general a good idea.

Giuliano


--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/