Re: [exim] how to secure alias-overtakings by other mailacco…

Author: Chris Knadle
Date:  
To: exim-users
Subject: Re: [exim] how to secure alias-overtakings by other mailaccounts
On Monday, February 18, 2013 08:11:14, Chris Wilson wrote:
> Hi all,
>
> On Mon, 18 Feb 2013, Chris Knadle wrote:
> > On Sunday, February 17, 2013 15:46:19, Deep Thought wrote:
> >> Dear Sir or Madam,
> >>
> >> I am using Exim on my server and realized that any user can overtake a
> >> mail address created by a user account. So it seems that for example, I
> >> can just enter an Alias or even change my sender mailaddress for example
> >> in Thunderbird to any mail addresses created by the account.
>
> [...]
>
> >> How can I secure it? Is there any setting to change this behaviour? That
> >> the owner of the mail address has to agree on using its mail address as
> >> an alias or sender mail address from another account?
> >
> > To do this (theoretically) you'd have to give Exim some way to /reliably/
> > identify the user sending an email, independent of what the outbound email
> > address is, and then "validate" an outbound email address with the user
> > in an ACL rule.


[...]

> I'd say that user authentication (requiring auth to send mail "from" your
> domain) and a lookup list of allowed email addresses for each account
> would "secure" it. Note that it doesn't prevent anyone on the rest of the
> Internet from forging your email addresses. There is currently no way
> to prevent that because email is not secure.


I think validating user <-> email via SMTP AUTH and a lookup on the AUTH
username will work to stop users that send email through "the local Exim
server system" from being able to use the wrong outbound email address.

However it should be noted that this is attempting to use a technological
solution for what essentially sounds like a social problem.

As such, it's more likely that this check can be limited to a particular set
of email addresses that need to be controlled. For instance, it's common for
companies to have a "company-wide" email alias that sends email to all users,
but only a very limited number of people that are supposed to use it. Thus
what I'm suggesting here is flipping the lookup logic -- looking up the email
address/alias, and matching on the list of users that are allowed to use it.
This also limits the number of users that must have their mail clients set to
use SMTP AUTH.

> (DKIM helps, but not many recipients require valid DKIM headers, so it's
> possible to fool almost all recipients anyway).


Assuming that emails are coming in directly to the Exim server, the email Exim
receives happens before there's any DKIM signature, since that's something
that an MTA adds rather than a mail client.

-- Chris

--
Chris Knadle
Chris.Knadle@???
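
The flipped lookup described in this message (look up the controlled address, then match the AUTH username against the list of users allowed to use it), sketched as an Exim ACL fragment. This is an added example, not part of the original message or thread; the file path, addresses and usernames are constructed, and it assumes the authenticator's `server_set_id` stores the login name in `$authenticated_id`.

```exim
# Main configuration section: run this ACL at the MAIL FROM stage.
acl_smtp_mail = acl_check_mail

# Constructed sample contents of /etc/exim4/restricted_senders
# (hypothetical path). Each line is a controlled address followed by the
# colon-separated AUTH usernames allowed to send as it:
#
#   all-staff@example.com: alice:bob
#   ceo@example.com:       carol

# ACL section (after "begin acl"):
acl_check_mail:

  # A controlled address used without SMTP AUTH is refused outright.
  deny    message        = Authentication required to send as $sender_address
          senders        = lsearch;/etc/exim4/restricted_senders
          !authenticated = *

  # A controlled address used by an authenticated user who is not on its
  # list is refused. The lookup key is the envelope sender; the value is
  # the list of permitted usernames, compared case-insensitively.
  deny    message        = $authenticated_id may not send as $sender_address
          senders        = lsearch;/etc/exim4/restricted_senders
          condition      = ${if !inlisti{$authenticated_id}\
                             {${lookup{$sender_address}lsearch\
                               {/etc/exim4/restricted_senders}{$value}}}}

  # Every other sender address is left unchecked, so only the users of
  # controlled addresses need SMTP AUTH configured in their mail clients.
  accept
```

This checks only the envelope sender given at MAIL FROM over SMTP; the From: header and mail submitted locwithout SMTP are not examined by this ACL.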