Re: [exim] how to secure alias-overtakings by other mailacco…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Deep Thought
Date:  
À: exim-users
Sujet: Re: [exim] how to secure alias-overtakings by other mailaccounts
Thanks to all for your answers,

I'll give the acl_ckeck_data a chance. The funny thing is that I checked
some free Mail providers like gmx, web.de, and so on
And Web.de was the only one that always created a warning mail to my
mailaccount, that someone wanted to use my mailaddress and whether I
want to allow it or not. Thats the reason I thought there must a way to
do so, too.

Greetings,
Sandra

Am 18.02.2013 16:43, schrieb Ian Eiloart:
> On 17 Feb 2013, at 20:46, Deep Thought <service@???> wrote:
>
>> Dear Sir or Madam,
>>
>> I am using Exim on my server and realized that any user can overtake a mail address created by an user account. So it seems that for example, I can just enter an Alias or even change my sender mailaddress for example in Thunderbird to any mail addresses created by the account.
> Yes, that's true.
>
> Similarly, if I write a letter to anyone, I can put your address at the top of the letter, or any address that I like to put. There's nothing that you, or anyone else, can do to prevent that.
>
> The only things that you can do to attempt to secure your email domain (and hence addresses in that domain) are to publish SPF, DKIM and DMARC records. Some recipient sites will check those records, including some large email service providers. None of that will prevent forgery.
>
> You can also use S-MIME or GPG/PGP to sign outgoing mail, but that only protects you to the extent that recipients (a) expect it, and (b) have tools to analyse the signatures.
>
>> There is no security check or a warning message like "Hey someone is using your mailaddress".
>>
>> How can I secure it? Is there any setting to change this behaviour? That the owner of the mail address has to agree on using its mail address as an alias or sender mail address from another account?
> You can only do this if you know the sender is going to use your email server. In that case you could, for example, create an ACL that requires that the sender address be present in the from header.
>
>> Thanks in advance,
>> Sandra Mende
>>
>> --
>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>
>