On Tue, 2012-12-11 at 03:24 +0100, krzf83@??? wrote:
> I'm creating config that would reject sending email after smtp auth if
> From header email is not equal to smtp auth username. In addition it
> should return email that was not send to smtp auth-ed username mailbox
> with additional info. Reason for that are stolen smtp passwords. Those
> are used for for sending spam, almost always with some weird adress in
> from header. This system would not only reject abuse but also notify
> smtp accound user that someone have his password.
Something like this (not tested) at an appropriate point in your ACL
flow:
deny message = From and authenticated sender address don't match.
condition = {if !eq{address:$h_from:}{$authenticated_id}}
This does mean that your users won't be able to send from (for example)
role addresses in the same domain, or from other addresses such as
aliases (which they can in GMail).
If your users can take a strict policy like this, that's great;
otherwise you might want to investigate rate-limiting based on a similar
condition.
Graeme
