Hello, I'm trying to verify the sender of my messages so that my users
(authenticated) can't send with a FROM like user@???,
but with the real and public email address. But currently every sender
is accepted. This is my ACL. I suppose that deny !verify =
sender/callout (or without callout) will do the job, but it doesn't; every
sender is accepted:

begin acl

acl_check_rcpt:

  accept hosts = :
         control = dkim_disable_verify

  deny   !verify = sender/callout

  accept hosts = +relay_from_hosts
         control = dkim_disable_verify

  accept authenticated = *
         control = dkim_disable_verify

  drop   condition = ${if match{$sender_helo_name}{^[0-9]\.[0-9]\.[0-9]\.[0-9]}{yes}{no} }
         message = "Dropped IP-only or IP-starting helo"

  drop   condition = ${if !match{$sender_helo_name}{\N.*[A-Za-z].*\..*[A-Za-z].*\N}{yes}{no}}
         message = HELO should be fully qualified domain name. See RFC821

  deny   condition = ${if or{{!def:sender_helo_name}{eq{$sender_helo_name}{}}}{yes}{no}}
         message = RFCs mandate HELO/EHLO before mail can be sent

  deny   message = Restricted characters in address
         domains = +local_domains
         local_parts = ^[.] : ^.*[@%!/|]

  deny   message = Restricted characters in address
         domains = !+local_domains
         local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

  require verify = sender

  deny
         message = [SPF] $sender_host_address is not allowed to send mail \
                   from $sender_address_domain.
         log_message = SPF check failed.
         set acl_m9 = -ipv4=$sender_host_address \
                      -sender=$sender_address \
                      -helo=$sender_helo_name
         set acl_m9 = ${run{/usr/bin/spfquery $acl_m9}}
         condition = ${if eq {$runrc}{1}{true}{false}}

  accept domains = +local_domains
         control = dkim_disable_verify
         endpass
         verify = recipient

  accept domains = +relay_to_domains
         control = dkim_disable_verify
         endpass
         verify = recipient

  accept hosts = +relay_from_hosts
         control = dkim_disable_verify

  deny   message = Relay not permitted

  accept hosts = 127.0.0.1:+relay_from_hosts

  accept
****
Where is my fault? Thanks!
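
Added example, not part of the original post and not the poster's configuration: verify = sender only checks that the sender address can be routed (and, with /callout, that the remote host accepts it), so it does not tie the envelope sender to the authenticated account. The fragment below sketches one way to compare the two; it assumes the authenticator's server_set_id stores the user's full email address in $authenticated_id, and it covers the envelope sender (MAIL FROM) only, not the From: header.

```exim
# Added example with labelled assumptions; not the poster's configuration.
# Assumption: the SMTP authenticator sets server_set_id to the user's
# full email address, so $authenticated_id holds a value such as
# alice@example.org (constructed address).

acl_check_rcpt:

  # Locally submitted (non-TCP/IP) mail, as in the posted ACL.
  accept hosts = :
         control = dkim_disable_verify

  # Authenticated submission: reject when the envelope sender differs
  # from the authenticated identity (case-insensitive comparison).
  # This statement has to come before any accept that an authenticated
  # client can match, otherwise it is never reached.
  deny   authenticated = *
         condition = ${if !eqi{$sender_address}{$authenticated_id}}
         message = Sender address does not match authenticated user

  # Only reached by authenticated clients whose sender matched above.
  accept authenticated = *
         control = dkim_disable_verify

  # The remaining statements of the posted ACL follow here unchanged.
```

If relay_from_hosts contains the clients that authenticate, the earlier "accept hosts = +relay_from_hosts" statement in the posted ACL would still accept their mail before this check runs, so the ordering of that statement matters as well.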