Re: [exim] Force valid sender domain from php

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Renaud Allard
Date:  
À: Will Harrison
CC: exim-users
Sujet: Re: [exim] Force valid sender domain from php
It will check the actual sender, the one in the "MAIL FROM:" SMTP
negotiation. This is the "return-path".

Of course, if your php scripts send everything as "www@localhost" (php
mail() function I think) this won't be a good solution. So you should
use a php function which speaks SMTP and force php devs to use it.

If you require that this happens with the "From:" header, you will have
to use a regexp in the data acl.

Will Harrison wrote:
> Thank you Renaud
>
> Will this actually check the "From:" header or just the actual sender?
>
> Thanks again
>
> Will
>
> Renaud Allard wrote:
>> Of course, with something like that it should work:
>>
>> acl_check_rcpt:
>>
>>         accept
>>         hosts           = :
>>         endpass
>>         message         = Sending mails from $sender_address_domain is
>> not permitted
>>         sender_domains  = +local_domains

>>
>>         accept
>>         authenticated   = *
>>         endpass
>>         message         = Sending mails from $sender_address_domain is
>> not permitted
>>         sender_domains  = +local_domains

>>
>>
>> Will Harrison wrote:
>>> Can we restrict mails sent from the local host to only be allowed to
>>> have their sender/from address be from a valid domain in
>>> /etc/localdomains?
>>>
>>> If a php script is used by a spammer he will usually set the from
>>> address to something other than the real domain e.g.
>>> accounts@???. As paypal.com in not listed in localdomains can
>>> we reject it?
>>>
>>> I hope I am making sence. Thanks in advance.
>>>
>>> Will
>>>
>>
>
>


--

.O.
..O
OOO

PGP key: http://www.llorien.org/gnupg/key.pub