Re: [exim] howto check if authenticated users are using a li…

Top Page
Delete this message
Reply to this message
Author: Tony Finch
Date:  
To: Felix Erkinger
CC: exim-users
Subject: Re: [exim] howto check if authenticated users are using a list of allowed email addresses
On Thu, 14 Feb 2008, Felix Erkinger wrote:
>
> btw.: is there a possibility to make the error message more informativ
> (eg. what address item was rejected) ?


The condition I gave you before was designed to cope with the unusual case
of messages that have more than one address in the From: field. If you
reject messages with more than one From: address then you don't need to
use the forall{}{} condition. You can instead test each address separately
and produce a more specific error message. (This has the slight
disadvantage of making the checks a bit repetitive, but the advantage of
making them simpler.)

In many cases it is reasonable to ask for replies to be sent to addresses
at remote domains, for example, I set a Reply-To: header on my posts to
this list. It is also OK (and, unlike From:, fairly common) to have more
than one address in the Reply-To: field. It's even reasonable to set
Reply-To: to multiple addresses at different domains, for example, if I
send out a party invitation and ask the recipients to RSVP to me and my
wife. On the other hand, your local situation might make it sendible to
have a strict policy, so you could treat Reply-To: in the same way as
From:.

  # use a macro to make the checks less repetitive
  USER_ADDRS= ${lookup  {$authenticated_id} \
                lsearch {/etc/exim4/email-per-user.txt} }


  deny
    message = "more than one address in From: line"
    authenticated = *
    condition = ${if match{@.*@}{$h_From:} }


  deny
    message = "user $authenticated_id may not use sender address $sender_address"
    authenticated = *
  ! condition = ${if match_address{$sender_address}{USER_ADDRS} }


  deny
    message = "user $authenticated_id may not use From: address ${address:$h_From:}"
    authenticated = *
  ! condition = ${if match_address{${address:$h_From:}}{USER_ADDRS} }


# etc.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}