Re: [exim] Block local submission

Author: GD
Date:  
To: exim-users
Subject: Re: [exim] Block local submission
Wow ... The discussion goes deep :)
So happy to find really qualified people here. I feel like such a newbie now.
You should help me solve many other issues with exim ... I'll do my
best to resist simply asking, and I will read and try by myself first :D
But please, stay tuned.
g

On 19/07/2015 17:32, Jeremy Harris wrote:
> On 19/07/15 16:11, Viktor Dukhovni wrote:
>> On Sun, Jul 19, 2015 at 03:44:38PM +0100, Jeremy Harris wrote:
>>
>>>>>>    authenticated = root:exim
>>>>> Note that the "authenticated" condition
>>>>> takes a list of authenticator names, not
>>>>> user names.
>>>> Even with mail submitted via Exim's "sendmail" (without -bs)?
>>> Yes.  The documentation even says so.
>> What about lines 4745 through 4763 of exim.c:
> Not relevant for the ACL authenticated= condition
> (but see below for the $authenticated_id variable)
>
> - this condition depends on the sender_host_authenticated
> value, which is set in smtp_in_auth(). Apart from
> being copied via a spool file I don't see it getting
> set to a real value anywhere else in the source.
>
>
>> 4761   if (authenticated_id == NULL && !host_checking)
>> 4762     authenticated_id = originator_login;
>> 4763   }
>>
>> That last 'authenticated_id = originator_login' seems to suggest
>> otherwise? One might just have to be careful in the "trusted_caller"
>> case.
>>
>>>> And
>>>> what is the value of $authenticated_id in that context? [ Just
>>>> trying to make sense of the example ACLs from Lena. ]
>>> The $authenticated_id variable is set by an authenticator,
>>> using the authenticator server_set_id option. It is not
>>> set in any other way. If no authenticator has succeeded,
>>> it is not set.
>> I see that that's all that's documented, but perhaps the documentation
>> is not 100% complete in this case?
> I was wrong here; sorry. You are correct that $authenticated_id
> is set to the user name for a commandline send (apart from
> special cases permitted to admins). Docs:
>
>
> http://exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html
>
> "When a message is submitted locally (that is, not over a TCP
> connection) the value of $authenticated_id is normally the login name of
> the calling process."
>
>
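
The distinction settled in this thread, as an added configuration sketch (not written by any poster or by the Exim project): the `authenticated` ACL condition is matched against authenticator names, so a check on the submitting login for a command-line send has to test `$authenticated_id` instead. The ACL name `acl_check_not_smtp` and the choice of `root` and `exim` as the only permitted logins are assumptions made for illustration.

```exim
# Added example, not from the thread.
# Assumed names: acl_check_not_smtp, and root/exim as the only logins
# allowed to submit mail locally.

# Main section: ACL run for messages submitted without SMTP
# (command-line "sendmail" style submission, without -bs).
acl_not_smtp = acl_check_not_smtp

begin acl

acl_check_not_smtp:

  # Does not do what it looks like: "authenticated" is compared against
  # the names of SMTP authenticators, not against login names.
  #   accept  authenticated = root:exim

  # For a local submission $authenticated_id is normally the login name
  # of the calling process, so test that value instead.
  accept  condition = ${if inlist{$authenticated_id}{root:exim}}

  # Every other caller is refused. Trusted/admin callers are the special
  # case raised in the thread and need separate consideration.
  deny    message = local submission not permitted for $authenticated_id
```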