I also wanted to configure exim so that even authorised senders should not be able to fake their mail ids.
In AUTHENTICATION CONFIGURATION, I gave the following entries.
  login:
    driver = plaintext
    public_name = LOGIN
    server_prompts = "Username:: : Password::"
    server_condition = "${if pwcheck{$1:$2}{1}{0}}"
and in ACL CONFIGURATION, the following entries.
  require verify = sender
          condition = ${if eq{$sender_address_data}{$authenticated_id} {yes} {no} }
Even then I am able to send mails from fake addresses. How do I check this?
Lekshmi A. R.
Computer Programmer
DCG, DIT
Canara Bank
Naveen Complex
#14, M. G. Road
Bangalore - 560 001
Ph: (080) 2558 4040 - 286
2559 8548
----- Original Message -----
From: Giuliano Gavazzi
To: Exim Mailing List
Sent: Sunday, May 21, 2006 7:18 PM
Subject: Re: [exim] How to verify and authenticate only for outgoing mail
On 21 May 2006, at 15:37, Theo de Morée wrote:
> Hi,
>
> My mail ACL is as follows:
> acl_check_mail:
>   require verify = sender
>   drop    condition = ${if eq{$sender_address_data}{$authenticated_id} {no} {yes} }
>           message = Please authenticate first to use this mail address
>   accept  authenticated = *
>   drop    message = Please authenticate first
>
> It goes out on that last drop. I currently don't do any real
> recipient checking, so if you could give me a hint for that as well
> it would be great. Basically the server needs to act like this:
>
> - Outgoing mail: User needs to authenticate and use one of his own
> mail addresses (works now)
> - Incoming mail: No authentication of course, recipient(s) should
> be valid mail addresses on one of the server domains. If someone
> tries to send a mail to an unknown mail address the server should
> reply saying that it doesn't exist.
Clearly you cannot, at the MAIL FROM stage, decide if a message is
for relaying or local delivery. You must do your authentication
enforcement at the RCPT TO stage and not apply it for recipients in
the local domains.
You can move all this to the rcpt acl and add a

    !domains = +local_domains

condition to the authenticated_id check. But you could also revise
the logic as you first would accept authenticated users, then you
could accept for local_domains (except for some basic anti-spam rules
perhaps) and then you can just deny all the rest.
I do not think that using the deny verb is in general a good idea.
Giuliano
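
The revised logic suggested above, written out as an added example that is not part of either message: enforcement happens in the RCPT ACL, and the sender's owner is compared with the login inside the same statement that verifies the sender. The domain example.org, the localuser router with its address_data mapping, the local_delivery transport and the server_set_id line are assumptions.

```exim
# Added example. example.org, the localuser router and the local_delivery
# transport are assumptions, not taken from the thread.

domainlist local_domains = example.org
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Mail for our own domains must name an existing recipient.
  deny    message       = Unknown user
          domains       = +local_domains
          !verify       = recipient

  # Authenticated client: verify the sender and compare its recorded owner
  # with the login in ONE statement, because $sender_address_data does not
  # outlive the statement that ran the verification. The non-empty test
  # stops two unset values from comparing as equal.
  accept  authenticated = *
          verify        = sender
          condition     = ${if and{{!eq{$authenticated_id}{}}\
                            {eq{$sender_address_data}{$authenticated_id}}}\
                            {yes}{no}}

  # Inbound mail for local domains needs no authentication.
  accept  domains       = +local_domains

  # Unauthenticated relay, or a sender address the login does not own.
  deny    message       = Please authenticate and use your own address

begin routers

localuser:
  driver       = accept
  domains      = +local_domains
  check_local_user
  # Assumed mapping: one address per login, so the owner is the local part.
  address_data = $local_part
  transport    = local_delivery

begin authenticators

login:
  driver           = plaintext
  public_name      = LOGIN
  server_prompts   = "Username:: : Password::"
  server_condition = "${if pwcheck{$1:$2}{1}{0}}"
  # Without this, $authenticated_id stays empty after a successful login.
  server_set_id    = $1
```

As in the advice above, the ownership check is not applied to recipients in the local domains, so an authenticated client can still use any sender address when mailing a local user.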