Hi there,
I ran across a scenario on my new exim setup and am hoping someone can point me in the right direction as I am very new to Exim.
Currently, I have Exim 4.69 installed on a FreeBSD 6.4 AMD64 machine with MySQL which is now deployed and running stable. We have disabled relaying and require users to connect via SSL to authenticate for both sending and recieving email.
I have been running some tests and discovered that local authenticated users are able to send email as any address they wish, including other local users. This poses a security concern for my clients and was hoping to plug this hole.
Is there a way of limiting authenticated users to only send email for their authenticated account?
Thanks!
__________________________________________________________________
Ask a question on any topic and get answers from real people. Go to Yahoo! Answers and share what you know at http://ca.answers.yahoo.comFrom prvs=0546672441=exim-users-20081202@??? Thu Oct 22 08:54:53 2009
Envelope-to: Exim-users@???
Received: from mail.rudolf.org.uk ([91.84.196.3]:56245)
by tahini.csx.cam.ac.uk with esmtp (Exim 4.69)
(envelope-from <prvs=0546672441=exim-users-20081202@???>)
id 1N0sVU-0007sq-UQ
for Exim-users@???; Thu, 22 Oct 2009 08:54:53 +0100
Received: from davide by mail.rudolf.org.uk with local
id 1N0sVP-00075D-L5-cc04a77ba6b86f3042e989b918efb6e5dc70677f;
Thu, 22 Oct 2009 07:54:43 +0000
Date: Thu, 22 Oct 2009 08:54:43 +0100
From: Dave Evans <exim-users-20081202@???>
To: Brad Melanson <bradm2k@???>
Message-ID: <20091022075443.GA26988@???>
Mail-Followup-To: Brad Melanson <bradm2k@???>, Exim-users@???
References: <689531.47848.qm@???>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="a8Wt8u1KmwUX3Y2C"
Content-Disposition: inline
In-Reply-To: <689531.47848.qm@???>
OpenPGP: id=4EA79249; url=http://djce.org.uk/pgpkey
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Spam-Score: 0.9 (/)
X-Spam-Status: No, score=0.9 required=5.0 tests=AWL=-0.159, BAYES_00=-1.5,
FROM_ENDS_IN_NUMS=2.53 autolearn=no version=3.1.8
Cc: Exim-users@???
Subject: Re: [exim] Preventing Authenticated Users From Sending As
Other Accounts
X-BeenThere: exim-users@???
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: A user list for the exim MTA <exim-users.exim.org>
List-Unsubscribe: <http://lists.exim.org/mailman/listinfo/exim-users>,
<mailto:exim-users-request@exim.org?subject=unsubscribe>
List-Archive: <http://lists.exim.org/lurker/list/exim-users.html>
List-Post: <mailto:exim-users@exim.org>
List-Help: <mailto:exim-users-request@exim.org?subject=help>
List-Subscribe: <http://lists.exim.org/mailman/listinfo/exim-users>,
<mailto:exim-users-request@exim.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Oct 2009 07:54:53 -0000
--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Wed, Oct 21, 2009 at 02:14:11PM -0700, Brad Melanson wrote:
> Hi there,
>=20
> I ran across a scenario on my new exim setup and am hoping someone can po=
int me in the right direction as I am very new to Exim.
>=20
> Currently, I have Exim 4.69 installed on a FreeBSD 6.4 AMD64 machine with=
MySQL which is now deployed and running stable. We have disabled relaying =
and require users to connect via SSL to authenticate for both sending and r=
ecieving email.
>=20
> I have been running some tests and discovered that local authenticated us=
ers are able to send email as any address they wish, including other local =
users. This poses a security concern for my clients and was hoping to plug =
this hole.
>=20
> Is there a way of limiting authenticated users to only send email for the=
ir authenticated account?
As long as you can define what "only send email for their authenticated
account" means in terms of SMTP, then yes.
Obvious possiblities include restricting the MAIL FROM address, and/or
restricting the "From" header. For the former, you'd use an ACL in
acl_smtp_mail; for the latter, an ACL in acl_data. Either way you'd
presumably want to use $authenticated_id as part of the logic.
Whether or not it's a good idea, though, is an entirely separate question. =
It
depends what problem you're trying to solve - that your users shouldn't be
able to fool the recipients of their email? Or that if they /do/ do that,
that they should know that /you/ know that is was them that sent it?
--=20
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey
--a8Wt8u1KmwUX3Y2C
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkrgD8EACgkQnYOJTU6nkkkl9QCfS6J2zAAUuGSNpJOTUfdFmjHB
tvAAn0l6XYZuisjaoC7ZdAzvTlAYXLZL
=rcR1
-----END PGP SIGNATURE-----
--a8Wt8u1KmwUX3Y2C--