Re: [exim] Preventing Authenticated Users From Sending As Ot…

> From: Brad Melanson

> local authenticated users are able to send email as any address they wish,
> including other local users. This poses a security concern for my clients
> and was hoping to plug this hole.

Which exactly security concern?
Users who have their own domains and other email addresses hosted elsewhere
need to be able to send email with envelope-from and "From:" differing from
their authenticated id. Because not every hoster and
not every email provider offers a relay ("SMTP-server").
Instead of restriction, make Exim to specify authenticated id in the header
for investigation in case of a complaint.
For that look at "received_header_text" in
"14.23 Alphabetical list of main options" in Exim documentation.
Add in the beginning of Exim config:

received_header_text = Received: \
${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
{${if def:sender_ident \
{from ${quote_local_part:$sender_ident} }}\
${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
by $primary_hostname \
${if def:received_protocol {with $received_protocol}} \
${if def:tls_cipher {($tls_cipher)\n\t}}\
(Exim $version_number)\n\t\
${if def:sender_address \
{(envelope-from <$sender_address>)\n\t}}\
id $message_exim_id\
${if def:received_for {\n\tfor $received_for}}\
${if def:authenticated_id {\n\t(authenticated as \
<${sg{$authenticated_id}{@}{#}}>)}}