Re: [exim] Block local submission

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Viktor Dukhovni
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: Re: [exim] Block local submission
On Sun, Jul 19, 2015 at 03:44:38PM +0100, Jeremy Harris wrote:

> >>> authenticated = root:exim
> >>
> >> Note that the "authenticated" condition
> >> takes a list of authenticator names, not
> >> user names.
> >
> > Even with mail submitted via Exim's "sendmail" (without -bs)?
>
> Yes. The documentation even says so.


What about lines 4745 through 4763 of exim.c:

http://git.exim.org/exim.git/blob/1dace7534d670a7e1a41160cbe044b0a85433dfd:/src/src/exim.c

4745 /* A locally-supplied message is considered to be coming from a local user
4746 unless a trusted caller supplies a sender address with -f, or is passing in the
4747 message via SMTP (inetd invocation or otherwise). */
4748 
4749 if ((sender_address == NULL && !smtp_input) ||
4750     (!trusted_caller && filter_test == FTEST_NONE))
4751   {
4752   sender_local = TRUE;
4753 
4754   /* A trusted caller can supply authenticated_sender and authenticated_id
4755   via -oMas and -oMai and if so, they will already be set. Otherwise, force
4756   defaults except when host checking. */
4757 
4758   if (authenticated_sender == NULL && !host_checking)
4759     authenticated_sender = string_sprintf("%s@%s", originator_login,
4760       qualify_domain_sender);
4761   if (authenticated_id == NULL && !host_checking)
4762     authenticated_id = originator_login;
4763   }


That last 'authenticated_id = originator_login' seems to suggest
otherwise? One might just have to be careful in the "trusted_caller"
case.

> > And
> > what is the value of $authenticated_id in that context? [ Just
> > trying to make sense of the example ACLs from Lena. ]
>
> The $authenticated_id variable is set by an authenticator,
> using the authenticator server_set_id option. It is not
> set in any other way. If no authenticator has succeeded,
> it is not set.


I see that that's all that's documented, but perhaps the documentation
is not 100% complete in this case?

-- 
    Viktor.