Re: [exim] Design question: cleaning up/restricting From: an…

Top Page
Delete this message
Reply to this message
Author: Rical Jasan
Date:  
To: exim-users
Subject: Re: [exim] Design question: cleaning up/restricting From: and Reply-To: headers to valid domains on outbound mail
I did that in the DATA ACL:

# Check that a From or Sender header is present.
require condition = ${if def:h_From: {1}{${if def:h_Sender: {1}{0}}}}
        message = Missing From: or Sender: header.  Consult RFC 5322.


# And use that to enforce our outbound policy.
require set acl_m_from_domain = ${if def:h_From: \
                                     {${domain:$h_From:}} \
                                     {${domain:$h_Sender:}} \
                                 }
        message = Not permitted to send as $acl_m_from_domain from here
        sender_domains = +internal_domains


It at least covers the simple case; I'm not sure about handling lists in
the header---never had to. Reply-To should follow similarly.

If you're gathering data to notify users of the change in policy before
you implement it, I'd log the authenticated_id together with the
inappropriate domain to make it easy to pull out of the logs later
(change the second require to warn and message to log_message):

        log_message = $authenticated_id tried to send as \
                      $acl_m_from_domain!



Rical