On 27/03/11 06:28, Jeff Lasman wrote:
> Some (not many) of the users of the exim.conf file I maintain have requested
> that we check to make sure the authenticated user sending email only use a
> From address we have on file for them.
You could make this an option that only applies to the users that
request it. Especially easy if your users are in a DB and you can add an
extra column for something like "strict auth from". You can then reject
email from these people if submission != from.
> What is the current consensus on this issue? Is it mentioned in any RFC?
Site-specific. I would tend to allow anything, but I have at least one
customer site where they have chosen differently.
> acl_check_rcpt:
> ...
> deny
> authenticated = *
> condition = ${if !eqi{$authenticated_id}{$sender_address}}
> message = Invalid authentication (you can only send From:$authenticated_id)
> log_message = acl_check_rcpt Invalid authentication (From:$sender_address, Auth:$authenticated_id)
-jim
