On Mon, 29 Sep 2008, Björn Keil wrote:
>
> Hello,
>
> I am trying to figure out how to figure best, that an authenticated_id
> somehow fits to whatever sender is given in the envelop of a mail. What I
> find confusing about it is firstly AUTH Parameter in the MAIL command seems
> to possibly contain a different email address than given in the FROM. The
> example from the Exim Guide[1] on Page 287 is
>
> MAIL FROM:<theboss@???> AUTH=joker@???
>
> If this is set by the sender of the mail and not added by exim, does exim
> somehow verify this?
>
I use:
deny sender_domains = +accepted_here_domains
authenticated = *
condition = ${if eq {$authenticated_id}{${lc:$sender_address}}\
{no}{yes}}
message = rejected: You must send as the ID you authenticate with.
(sender domains is likely not needed in your config, I added
it for some reason here)
> Secondly I am notquite sure how to deal with aliases... for example, several
> users may be allowed to respond for webmaster or for postmaster or root. If
> Id simply say a user may only use whatever email address is given in
> /etc/email-addresses that may be extremely limiting.
>
But, wouldn't they still reply as their 'real' account? Otherwise,
just have their MUA use a different sending profile(s) that they can
select to send as web/post/whatever.
> Isn't it normal to check for this, somehow? If it is configured in default
> Debian (and therefore Ubuntu) configuration I must have missed in by now.
> The version I use is 4.63 out of Debian Etch with the matching config
> package.
For debian specific info, it's best to ask on the debian exim list:
http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users
--
--------------------------------------------------------
Dave Lugo dlugo@??? LC Unit #260 TINLC
Have you hugged your firewall today? No spam, thanks.
--------------------------------------------------------
Are you the police? . . . . No ma'am, we're sysadmins.
