Re: [exim] - block outgoing mails whith from falsified

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Mike Brudenell
Date:  
À: Exim Users
Sujet: Re: [exim] - block outgoing mails whith from falsified
Hi, Fabián -

On 29 June 2016 at 15:06, Juan Bernhard <juan@???> wrote:

> You can extract the full email address with ${address:$header_from}



Remember that there is not just the RFC5322.From header, but also the
RFC5321.MailFrom address (in the envelope); you might want to check that as
well — see the *$sender_address* variable (and note that it retains the
original upper/lower case as supplied, so you may want to do a
case-insensitive search/match).

Also remember that both the RFC5322.From and RFC5321.MailFrom headers are
trivial to forge, so you probably want to base whether someone is allowed
to send emails based on the username they authenticated with, and the other
address checks just to make sure they're not doing any outrageous forging
etc.

Cheers,
Mike B-)

--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web: www.york.ac.uk/it-services
Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm