Re: [exim] Authenticated sender change

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Ted Cooper
Datum:  
To: exim-users
Betreff: Re: [exim] Authenticated sender change
Michael L Griffin wrote:
> Greetings all
>
>    A question or two if I may regarding authenticated relay and accountability.

>
> I have managed to add a "X-authenticatedID: $authenticated_id"
> header after much ado about nothing. What I want to do now is change
> the sender email address (From: email_addie) to the $authenticated_id
> which in my case is also the senders email address in order to stop
> sender address spoofing. I may want to change the "Reply-To:" as well
> if it is set.
>
> Basically what I am wanting to do is change :
> "From: John Doe <john@???>" to
> "From: John Doe <john@???>"
> where "john@???" is the spoofed address and "john@???" is
> the true email address which is also the $authenticated_id. I also
> need to account for situations where the name is not given but only
> the email addie; eg "From: <john@???>". Maybe I should add the spoofed
> address as an X-header for tracking?
>
> Any assistance in getting this working with the config included
> below would be greatly appreciated by a mere exim n00b like me.
>
> Many thanx for lending me your ears.... or at least your experience
> and expertise.


I would have thought that flat out rejecting without accepting emails
that spoof who they were from would be a far more practical approach. I
certainly wouldn't want people using my servers to spoof emails!

I haven't done any rewriting of addresses at all, but after a quick
peruse of the documentation at
http://www.exim.org/exim-html-current/doc/html/spec_html/ch31.html I
find that we have access to pretty much anything and everything.

Assuming that your users are authenticating with
user@??? type usernames ..

Something like ...
*@* ${if !eq{$authenticated_id}{$sender_address}\
{$authenticated_id}fail} EFrfS
.. might work. But you will also need to take into account that this
will rewrite EVERYTHING submitted to it. That is MX submissions from
outside etc. So fixing it up has been left as an exercise.

All of this rewrite config goes in the section of your config file labeled:
#############################################################
#                             REWRITE CONFIGURATION         #
#############################################################
begin rewrite
<here!>


Again, I really wouldn't recommend this. If an authenticated user is
spoofing an address, they deserve not to have their emails accepted in
the first place.

--
The Exim Manual
http://www.exim.org/docs.html
http://www.exim.org/exim-html-current/doc/html/spec_html/index.html