Re: [exim] authenticating from address for outgoing email?

Top Page
Delete this message
Reply to this message
Author: Jim Cheetham
Date:  
To: exim-users
Subject: Re: [exim] authenticating from address for outgoing email?
On 27/03/11 06:28, Jeff Lasman wrote:
> Some (not many) of the users of the exim.conf file I maintain have requested
> that we check to make sure the authenticated user sending email only use a
> From address we have on file for them.


You could make this an option that only applies to the users that
request it. Especially easy if your users are in a DB and you can add an
extra column for something like "strict auth from". You can then reject
email from these people if submission != from.

> What is the current consensus on this issue? Is it mentioned in any RFC?


Site-specific. I would tend to allow anything, but I have at least one
customer site where they have chosen differently.

> acl_check_rcpt:
> ...
>     deny
>         authenticated = *
>         condition     = ${if !eqi{$authenticated_id}{$sender_address}}
>         message       = Invalid authentication (you can only send From:$authenticated_id)
>         log_message   = acl_check_rcpt Invalid authentication (From:$sender_address, Auth:$authenticated_id)



-jim