Re: [exim] Preventing Authenticated Users From Sending As Ot…

Pàgina inicial
Delete this message
Reply to this message
Autor: David Saez Padros
Data:  
A: Brad Melanson
CC: Exim-users
Assumpte: Re: [exim] Preventing Authenticated Users From Sending As Other Accounts
Hi

If you always use the email address for each user as it's authentication
username then you can check at mail acl something like:

deny  authenticated = *
       condition     = ${if eqi{$authenticated_id}{$sender_address}}
       message       = You are not authorized to use $sender_address


> Hi there,
>
> I ran across a scenario on my new exim setup and am hoping someone can point me in the right direction as I am very new to Exim.
>
> Currently, I have Exim 4.69 installed on a FreeBSD 6.4 AMD64 machine with MySQL which is now deployed and running stable. We have disabled relaying and require users to connect via SSL to authenticate for both sending and recieving email.
>
> I have been running some tests and discovered that local authenticated users are able to send email as any address they wish, including other local users. This poses a security concern for my clients and was hoping to plug this hole.
>
> Is there a way of limiting authenticated users to only send email for their authenticated account?
>
> Thanks!
>
>
>
>       __________________________________________________________________
> Ask a question on any topic and get answers from real people. Go to Yahoo! Answers and share what you know at http://ca.answers.yahoo.com


--
Salu-2 y hasta pronto ...

----------------------------------------------------------------
    David Saez Padros                http://www.ols.es
    On-Line Services 2000 S.L.       telf    +34 902 50 29 75
----------------------------------------------------------------