Re: [exim] authenticating all users.

On 2012-11-29 at 11:20 +0100, Han Boetes wrote:
> We have a webserver running suphp. Very nice since it's no longer apache
> sending emails but the actual user and now we really can block spamming.
> All outgoing mail -- even local mail -- is sent through a an antispam
> server and then delivered where it should.

Last time I had PHP enabled (some years ago), I did something similar to
what I helped set up at the ISP I used to work at. Except I was using
mod_macro in Apache instead of script-generated Apache configs, as the
ISP used.

For running with suphp, that means in Apache:
SetEnv PHPRC /www/sites/%dirname/etc

Once you have that, in the per-site php.ini you can set:
mail.force_extra_parameters = -fwebmaster@???

This lets you use local Sendmail-style submission, instead of SMTP, so
in combination with a dedicated uid, means that you can identify the
user. You can then use $originator_uid in the client authenticator for
the outbound mail.

This will let you use the real UID for authenticating the bounce
messages per-site. If you're happy with just one account for all bounce
messages, then Mike's approach is simpler with fewer changes.

Using "mail.add_x_header = On" in php.ini is also advisable.

-Phil