Re: [exim] howto check if authenticated users are using a li…

Top Page
Delete this message
Reply to this message
Author: Felix Erkinger
Date:  
To: exim-users
CC: dot
Subject: Re: [exim] howto check if authenticated users are using a list of allowed email addresses
Hi Tony,
thank you very much for your help, after some fiddeling i was able to
use your scripts.

also i was able to write a second one, which checks if somebodies
envelope is outside our domains, but tries to forge an inside address in
the mailheader, which also works (using your template)

Here is the result of it, maybe somebody else could use it.

btw.: is there a possibility to make the error message more informativ
(eg. what address item was rejected) ?


# data ACL:
# if authenticated, check if envelope, sender, from,

# are within the allowed email addresses listed in email-per-user.txt 
                                                             deny 


  message = "user $authenticated_id may not use sender address 
$sender_address"
  !condition = ${if forall \
  {<, ${addresses:>, $sender_address},\
      ${addresses:>, $h_From:}, ${addresses:>, $h_Sender:} } \ 


{ match_address {$item}{${lookup {$authenticated_id} lsearch\
{/etc/exim4/email-per-user.txt} }} } }

authenticated = *


!hosts = +relay_from_hosts

# data ACL:
# if not authenticated or from relay hosts,
# check if mail header sender (Sender,Reply-To,From)

# are not in one of our or relayed domains
deny

  message = "need to authenticate to use addresses from our domains"
  condition= ${if forany \
   {<, ${addresses:>, $h_From:},\
       ${addresses:>, $h_Sender:}, \
       ${addresses:>, $h_Reply-to:} } \
   { match_domain {${domain:$item}}{+local_domains:+relay_to_domains}} } 


!authenticated = *

!hosts = +relay_from_hosts

Felix